
Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Q: Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 18:35:48
Records in database: 1424124

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned: 94300
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:45:29

File name | Threat name | Threats count
C:\Documents and Settings\All Users\Application Data\FreeApp.exe | Infected: Trojan.Win32.Agent.arng | 1
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir | Infected: Trojan-Proxy.Win32.Agent.bcw | 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe | Infected: IRC-Worm.Win32.Small.x | 1
C:\WINDOWS\bolivar24.exe | Infected: Backdoor.Win32.Agent.ubx | 1

The selected area was scanned.

Logfile of random's system information tool 1.04 (written by random/random)
Run by William Junior at 2008-11-29 00:50:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (17%) free of 41 GB
Total RAM: 510 MB (26% free)

Thank You for looking

RELEVANCY SCORE 200

A: Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

RELEVANCY SCORE 273.2

I have an F-Secure internet security software suite on this computer, and it is up-to-date and functioning. I also have MalwareBytes (free) installed and have been running it regularly, and I use the ESET Online Scanner as well. The OS is Windows XP, and it is up-to-date.

About three weeks ago I cleaned around three trojans from this computer using MBAM and the online scanner. A few days ago, Adware.Win32.WebHancer.x was found by F-Secure, and is currently quarantined. Today, several instances of the two Trojan-Spy programs were found and quarantined by F-Secure; they infect system files and system restore files. I already looked up information on cleaning the system restore files by stopping and restarting system restore (and scanning in between). I deleted the quarantined files.

All of the Spy-Trojans found are infecting in C:\hp\recovery\wizard\fscommand\. The file names are:
AppRecoveryLink_ret.exe
CDLogic_ret.exe
CreatorLink_ret.exe
RestoreLink_ret.exe
RTCDLink_ret.exe
RunLink_ret.exe
SysRecoveryLink_ret.exe
WizardLink_ret.exe

The Adware infected a .dll file, and I was advised not to delete it.

CDLogic_ret.exe is Agent.bdzz; the rest are Agent.beaf

I have run my antivirus, MBAM, and the online scanner again and they picked up nothing. Also, the Adware and Trojan-Spys were all found during MBAM scans, but F-Secure picked them up.

I have attached a HiJackThis log and a DDS log; GMER froze my computer partway through the scan when I used it. I have ran a... Read more

A:Infected with Trojan-Spy.Win32.Agent.bdzz, Trojan-Spy.Win32.Agent.beaf, and Adware.Win32.WebHancer.x

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 266.8

Hi,

Please help me in getting rid of the pop ups which keep coming up.

trojan downloader win32 agent bq
trojan clicker win32 tiny h
trojan spy win32 key logger.aa
trojan spy win32 green screen
trojan spy html bankfraud.dq

HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:40, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

RELEVANCY SCORE 261.2

I believe I was infected last night when a website somehow redirected me to liteautogreatest{dot}cn.

I'm running XP Home SP3 and the ZoneAlarm Internet Security Suite (just updated earlier today).

ZoneAlarm continually finds a couple of problems and hibernates them but they do not go completely away after a reboot.

The ZoneAlarm active monitor scan shows the following...

Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BNB.tmp on 4/20/2009 13:29:22
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BNA.tmp on 4/20/2009 13:23:26
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN9.tmp on 4/20/2009 13:17:40
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN8.tmp on 4/20/2009 13:14:30
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN7.tmp on 4/20/2009 13:07:26
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\Temp\BN6.tmp on 4/20/2009 13:02:40
Rootkit.Win32.Agent.ikz was found in C:\WINDOWS\system32\drivers\systemntmi.sys on 4/20/2009 12:57:48
Trojan-Dropper.Win32.Agent.amzh was found in C:\Documents and Settings\Don\Local Settings\T... Read more

A:Infected with Rootkit.Win32.Agent.ikz, Trojan-Dropper.Win32.Agent.amzh, Trojans? Malware?

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link

Then download and install SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, re... Read more

RELEVANCY SCORE 260.4

hi, kaspersky scan (included at the end) came up with a few infections, please help me with removal

logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Yanai Michael at 2008-12-14 13:16:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (9%) free of 53 GB
Total RAM: 1526 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:16, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

A:got Trojan.Win32.Agent.asvc Trojan-GameThief.Win32.Magania.amrr Worm.Win32.AutoRun.trh

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do... Read more

RELEVANCY SCORE 257.6

Hello!

I have trouble with my computer. I found this forum online and now I hope that you can help me. I suspected that I had a virus so I installed an anti-virus program. It found files with the names virus.win32.sality.k and trojan-proxy.win32.agent.II on my computer. After disinfecting those files I always got an error message when I turned the computer on. It kept telling me: file vmmdiag32.exe cannot be found. Then I found this forum and saw that other people had the same problem and that this is still a consequence of the virus. I don't know how to get rid of it.

Then I found your preparation guide for use before posting a hijackthis log, and checked my computer with the programs you advised. Now that error message has disappeared, but I have the impression that my computer doesn't work properly anymore. It's getting slower and the anti-virus program always finds new infected files. Sometimes when I turn the computer on it gets stuck while it is booting up and I have to press F1 to continue.

Now there's a problem with the audio too - I don't know if it is also a result of the virus. It tells me: bad directsound driver. please install proper drivers or select another device in configuration. error code: 88780078. and the only sound the computer makes is a terrible peep sound.

I have never had a virus before (I didn't have internet on my computer), so I'm a little bit helpless and I would really appreciate it if you could help me.

I also did the Hijackthis. here is the res... Read more

A:Infected With: Virus.win32.sality.k; Trojan-proxy.win32.agent.ii

Hi schag1,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

RELEVANCY SCORE 256

Hi, here is my problem. Every time I download some movies or other things by opening my computer overnight, it must pop out an error window that said:

C:\Documents and setting\KkianN\Desktop is not accessible. Not enough quota is available to process this command.

The icons only left on my screen were My computer, my network places and Internet explorer. When I refresh my computer, it came out the same message again. (This problem occurred when I opened my computer overnight by using Thunder5, this software to download things.)

When I tried to shut down, a message said You do not have permission to shut down this computer.

When I tried to use windows task manager to shut down, once I click Ctrl+Alt+Del, an application error message came out that said:

This application failed to initialize properly(0xc000012d). Click on OK to terminate the application.

Then I just can reset my computer.

Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there. Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately, I can't finish all the steps there. For step 4, I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning by using spybot, it stuck while scanning. After that suddenly pop out a window that said:

Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr... Read more

A:Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.

RELEVANCY SCORE 254.4

m ades, windows xp sp3
to whomever can help- i tried to remove some viruses
using info from bleeping, but am not having any luck.

i downloaded a file that i thought could help me on another
matter, but it had a virus that zone alarm's active scan did not
catch.

it was a rootkit virus. i tried tdsskiller several times as well as
malwarebytes, and thought i finally got rid of it. then another
virus popped up despite my not having connected to the internet.

another was this patch virus that kept redirecting my opera
browser. malwarebytes did not see this, but zone alarm did.
i tried to get rid of it and used tdsskiller, and thought i did.
i had to keep switching between safe mode and
normal mode to do it. i had no problems for two weeks, then
both seemed to pop up again. my guess is that i never
actually got rid of them. i tried zone alarm, malwarebytes,
and tdsskiller over and over again, with no luck. then my
ability to connect to the net went away. i gave up and restored
my hdd using the file i made just after i thought i had gotten
rid of the problems, so that though i would still have the viruses,
i would get back the net. using tdsskiller and malwarebytes
still did not work, and a new virus showed up. .

i'm including the logs from zone alarm, malwarebytes, and tdsskiller.

i would really appreciate help.

first to show up. used tdsskiller, seemed to be removed, kept showing back up.

(Forged): C:\WINDOWS\system32... Read more

A:infected with Rootkit.Win32.ZAccess.e, HiddenFile.Multi.Generic, Trojan.Win32.Patched.mf,, Backdoor.Agent.Gen) -> Value: Sh...

ps i have mbam, zone alarm,tdss,
and hijack logs, but was not sure
how to post them since the number
of text characters on this page
was limited.

RELEVANCY SCORE 251.6

I have been infected with either or both of Infected with backdoor tinyproxy.exe and/or Trojan-Proxy.Win32.Agent.bcw. I ran a trendhousecall scan and it picked up both, but my AVG scan shows neither. I have tried to remove as per http://www.bleepingcomputer.com/forums/lof...hp/t171229.html but when I reboot, I can not connect again to the internet, so I reversed the changes through Hijack this, so I can post on here and get your expert advice.

Thank you for taking the time to look/help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:56, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

A:Infected with backdoor tinyproxy.exe and/or Trojan-Proxy.Win32.Agent.bcw

Hello fedupfred

Welcome to BleepingComputer

========================

Please go to Start>Run type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as fixthis.bat on your desktop.

@echo off
sc stop "Server (lanmanserver) "
sc delete "Server (lanmanserver) "
rd /q /s "C:\Program Files\tinyproxy"
quit

Don't do anything with this yet.

=====================

*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Then please double click on fixthis.bat, a window will open and close quickly. This is normal.

=========

After that reboot into normal mode and do the following:

In case you're having connection problems afterwards (browsing):
In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver.

Then post a new Hijackthis log.

RELEVANCY SCORE 244.8

Hello,

My computer became infected last night, and it's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on dvd, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.

The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.

The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.

I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since windows now thinks I have no anti-virus installed.

All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.

EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we... Read more

A:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.

I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite of what it says when you log into the limited user account). The computer (and specifically that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?

Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.

Other than running windows defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.

Does no one have any ideas???

RELEVANCY SCORE 243.2

Hi, as I've seen a post earlier about this problem, I wanted to post to inquire about the same problem I have, which is that the "trojan-Downloader.Win32.Agent Variant" warning shows up when I try to open World of Warcraft. I've used Norton Anti Virus to scan but for some reason I found nothing.

As in the previous post it mentioned downloading HijackThis and posting the findings. I was wondering if anyone could assist me with this and the steps... much appreciated.

Regards,
Nick
 

A:Trojan-Downloader.Win32.Agent Variant

Here is the hijackthis log as follows, please assist on the next steps. thanks
Logfile of HijackThis v1.99.1
Scan saved at 1:44:31 AM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


RELEVANCY SCORE 242

Hi, I need help in removing these viruses; please see dds.txt and attach.txt attached. I recently deleted a file: c:\program files\gateway\hpa\uninstal.exe - is this crucial to my computer? It said it was infected so I had Comodo remove it but I don't think that was ideal.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Authorized User at 22:38:17.13 on Mon 07/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.298 [GMT -4:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}



Hi, not trying to bump - can anyone help? ;x

RELEVANCY SCORE 241.6

My son has managed to get his laptop infected with multiple trojans and malware I have discovered. Although he has not been complaining of any specific issues with it to be honest.

Any help you could give me to remove all of these completely would be much appreciated.

DDS Log

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jonah at 12:02:30.93 on 19/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.1006 [GMT 0:00]

A:Multiple infections including Trojan.Win32.Agent.azob and Backdoor.Win32.IRCBot.efv

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we... Read more

RELEVANCY SCORE 240.8

I believe that I have been infected by the following Virus: Rootkit.Agent/Gen-DNSHack; WIN32.Downloader.Small.afwj; Win32.Trojan.Dropper.VB.TR. They were all removed by either Zone Alarm Anti-Spyware or SuperAntiSpyware. However, I continue to have the symptoms: sporadic hijack of my keyboard so keystrokes are executed in what appears to be a random fashion. I say it's random because most of the time what's typed by the virus doesn't make any sense.

I was working with FAX in the ZoneAlarm user forum who recommended the malware removal tools and suggested I post my Hijackthis log if all else failed. All else has failed. Following is the log. Thanks for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:46 PM, on 6/28/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:Infection by Rootkit.Agent/Gen-DNSHack; WIN32.Downloader.Small.afwj; Win32.Trojan.Dropper.VB.TR

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a... Read more


system spec

intel 6320
2gig ram
ATI HD240
unknown MB


Recently I noticed my PC getting a lot slower than normal; IE scrolling down on an email would cause the window to stutter where normally it would be smooth. I ran a virus scan using AVG (paid version) and it didn't come up with anything. I also ran Adaware and I tried to install Spybot but it was unable to connect to the server to install. I tried the same Spybot exe on a separate machine and it installed fine.

The computer was still slow so I ran a Kaspersky online scan which found a few trojans and backdoors (see attached txt) that AVG fails to detect.


DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by L.HALL at 20:30:22.25 on 24/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1443 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceSer...

A:Trojan.Win32.Agent.dkai, Backdoor.Win32.Delf.nut plus others

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------


Hi all. I installed COMODO Firewall a few days ago and have been noticing strange programs trying to access the Internet: apcupsl.exe, acledits.exe, and ansii.exe. All three were picked up by the Kaspersky Online Scanner as viruses. (See kaspersky.html)

Many thanks in advance for any suggestions/advice!

******************************************** Here's the main DSS/HJT log ********************************************

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-02 18:12:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
8: 2008-06-02 22:12:35 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-06-02 21:09:47 UTC - RP7 - ComboFix created restore point
6: 2008-05-28 16:28:26 UTC - RP6 - Installed Windows XP KB947864.
5: 2008-05-28 16:28:02 UTC - RP5 - Installed Windows XP KB942763.
4: 2008-05-28 16:27:23 UTC - RP4 - Installed Windows XP KB941569.

-- First Restore Point --
1: 2008-05-28 14:22:18 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:56 PM, on 02/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet E...

A:Backdoor.win32.ircbot.dhk/dfk And Trojan-ddos.win32.agent.ca

Hi,

Any idea how you got this infection? It was installed a couple of minutes later than software from ACD Systems. Did you use a crack there or something?

Anyway...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


PLEASE NOTE: This is a DIFFERENT computer than the one I am currently working on with Agent ST

Because I was paranoid about this one, I ran an ESET Online scan to check my computer and it reported at several different trojans:

Win32/Toolbar.Zugo
2 variants of Win32/InstallCore.D
JS/Agent.NDJ
Win32/TrojanDownloader.Tracur.F
Java/Agent.DU
and probably a few more.

I am not sure exactly how many because I inadvertently closed Internet Explorer before the scan completed.

I did not set ESET to remove anything that was found, I was just scanning.

So, here I am... needing help for yet another computer in my house.

It seems to be running fine but since this is the one I use for working at home, communicating with clients, online banking, etc. I need to be sure it's clean.

I am a web developer so I am very familiar with Windows, etc.; however, virus removal is not my expertise so I need to ask for help.

Here is the contents of the DDS.log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by Dona at 15:35:19 on 2012-02-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2232 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k nets...

A:Need help with trojans..Win32/Toolbar.Zugo, Win32/InstallCore.D, JS/Agent.NDJ, Win32/TrojanDownloader.Tracur, Java/Agent.DU and...

Hi Dona!

Peek a boo! Guess who?

Can you try and zip up the GMER log file for me to review?

---------------------

Can you see if ESET Online Scanner dropped a log file in this location?

Browse to this location: C:\Program Files\ESET\ESET Online Scanner\

It should be named: log.txt if it was saved. If it is, please post that for me.

---------------------

You seem to have 2 versions of Skype installed. One of them seems to be a bit outdated. Let's remove that one now.

You can go to the Control Panel and click on Add/Remove Programs and remove this one: Skype™ 4.1

---------------------

Your version of Firefox is also outdated by two versions. Open up Firefox and go to the Help menu click on About Firefox. It should check for updates, and download the updates that are required. Once it's completed downloading the update it'll present you with a button that says Apply Update. Please click on that. It will close Firefox and then apply the update to your computer.

---------------------

Please run these scans for me as well:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be pro...


Hi,

It seems that I have trojan activity on my home pc. I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'

I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attempt to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?

What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.

I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS version 080805-0,08/05/08 which I try and delete from the warning box.

I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).

I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmful software with mention of one of many trojans. These have been:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan...

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,

I am hoping you can help me.

My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

Strange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.

The pop up warnings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back.

A spybot scan pointed to 2 entries of Virtumonde

I'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I can't seem to shift it

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:34 AM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Ado...


Hi,

I'm running Windows XP - Internet Explorer v. 6.00, SP3. Yesterday Avast alerted me to a virus on my computer (I neglected to write down the exact message). At the time, only Gmail was open and an email was being written. I've had some issues with Avast occasionally reporting a false positive, and since nothing was being downloaded at that time, I took no action with Avast. Instead, I immediately did a Quick Scan with MalwareBytes to see if it would find anything. MalwareBytes found and deleted the following:

C:\Documents and Settings\HP_Owner\application data\Sun\Java\deployment\cache\\6.0\44\61b86cac-3c0c0928
Trojan.FakeAlert.VGen
C:\Documents and Settings\HP_Owner\local settings\temp\0.506697477033.exe
Trojan.FakeAlert.VGen

A second MalwareBytes scan was clean.

I looked "Trojan.FakeAlert.VGen" up on Google and then it clicked: for the past few days, Adobe Flash Player has been crashing an awful lot. When it crashes (on Youtube, for example), it tells me the program is out of date and needs to be updated. The weird thing was that sometimes it worked for a while before it crashed, but I dismissed that as being some strange computer quirk. I went to the Adobe web site and tried to install the newest version of Flash Player, but was unable to. I feel foolish, but it never even occurred to me that a virus could be to blame. It concerns me that (assuming the Adobe Flash Pla...

A:Trojan.FakeAlert.VGen, SpyInstall_HPPre.exe, Win32: Mirc-z [PUP], Win32: Kill App-W [PUP] & Win32: Agent-AMXO (Trj)

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Document...


Hi everyone. I find this forum very informative and quite interesting. I'm glad I found it. I do need help in getting rid of these that my scans have found. I use Spybot, Ad-Aware, and AVG on a Windows XP home edition. The Spybot and Ad-Aware found: Win32.backdoor.agent and Win32.trojandownloader.agent. Unfortunately, the AVG did not see these. Any help would be appreciated. The HJT log is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:36 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Photoshop Album Starter Ed...

A:Solved: Scans detected Win32.backdoor.agent & Win32.trojandownloader.agent Please help


There are several trojan horses detected such as Trojan-Backdoor.Win32.Agent.sp, Trojan-Downloader.Win32.QQhelper.kb, Trojan-PSW.Win32.OnlineGame.qy, Trojan-PSW.Win32.OnlineGame.yn, Trojan-BAT.KillAV.es, Trojan-proxy.Win32.small.du, Trojan-Downloader.Win32.Zlob.gj and many more... I do not know how to remove those trojans, pls HELP!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:49:43 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32...

A:Several Trojan Such As Trojan-backdoor.win32.agent.sp, Downloader.win32 .qqhelper.kb

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.


Hello

My PC has been recently infected by trojans; scan with Adaware found WIN32.BACKDOOR.AGENT and WIN32.TROJAN.SPY. It was able to remove them (at least this was the message). Later on I scanned using AVG antivirus and it found TROJAN HORSE PAKEC_C.GT and TROJAN HORSE PWS.GENERIC5.ABUM. Removal went also without problems. In addition, afterwards I used Spybot and it found Win32.Agent.pz. First time Spybot had problems with removing but scanning again directly after reboot the trojan was removed (at least this was the message from the program). Following scans by all these programs found no threats. So, now I've used the Hijackthis. I'm not really experienced with this program. The log file looks ok as far as I can judge (using some info from internet). So, I would be grateful if some experts from your forum would have a look on it and tell me their opinion. So, that I know if I have to do something with my system or if it is safe to continue working with it. Thank you very much in advance.
Here is the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:29 PM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\...

A:Win32.backdoor.agent Win32.trojan.spy

Hi gumb,

Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed.

If you have not done so already, please do the initial cleanup steps in the following instructions before posting your new log: Preparation Guide For Use Before Posting A Hijackthis Log


Have run cleanmgr to clear out all temp files, run Ad-Aware And Spybot S&D. Scanned with Norton Anti-Virus in both safe mode and normal mode, run McAfee Avert Stinger, am now posting HijackThis log in the hope of ridding my computer of these nasties.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:19, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
I:\PROGRA~1\COSIDS\BIN\TbMux32.exe
I:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
I:\ElsaWin\bin\LcSvrAdm.exe
I:\ElsaWin\bin\LcSvrDba.exe
I:\ElsaWin\bin\LcSvrHis.exe
I:\ElsaWin\bin\LcSvrKdS.exe
I:\ElsaWin\bin\LcSvrPas.exe
I:\Program F...

A:Win32.backdoor.agent / Win32.trojan.spy

Hi Dave J Spencer and Welcome to the Bleeping Computer!

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


I have been wondering what has been wrong with my XP Install for about a month now and I just updated Nod32 to the latest version and as soon as the install was complete it came back at me with these: Win32/Rootkit.Agent.ODG Trojan, and Win32/Agent.ODG virus. Tells me it is installed in the operating memory and it is unable to clean. Anyone have any ideas on this pesky @##$$%%!!!! Have tried to install and reinstall my paid for edition of SuperAntispyWare with no luck, seems to block the installation no matter how many times I try to install. Have also tried to install Malwarebytes with no luck either, seems to block what I'm trying from the get go. Have attached a HJT Log also if it will help. I didn't see anything unusual but I sure could use some help here. About a month ago I was online doing some research and Googling and all when I noticed the links in Google were taking me to places that had nothing to do with the link? Will stay in touch.
 

A:Win32/RootKit.Agent.ODG Trojan or Win32/Agent.ODG Virus

Totally !!
 


I use ESET NOD32. At startup it detects the win32/Kryptik in a start-up scan and later mentions the Win32 rootkit running in memory. The scan log shows that it has detected this on each startup but it cannot delete because files are locked from removal. I have not been able to tell what file NOD is trying to find. Below is last log file post: This same message is repeated in numerous 10+ restarts in the past 24 hours.

5/19/2009 8:25:51 PM Startup scanner file \\?\globalroot\systemroot\system32\gxvxctxujtymqsiltimrpcilnqyirvmqgrlhk.dll a variant of Win32/Kryptik.PF trojan cleaned by deleting (after the next restart) - quarantined
5/19/2009 8:25:46 PM Startup scanner operating memory Operating memory Win32/Rootkit.Agent.ODG trojan unable to clean

I have run ESET in safe mode. It did not do anything to eliminate the problem. Windows Defender has apparently not done anything either. Finally, I tried Windows malicious software removal, but apparently it could not do anything either.

Main problem I notice is delays in internet usage. Happens both in firefox and ie. I changed DNS settings from automatically detect to a fixed DNS setting from earthlink.net. Still same slow down in internet usage.

Appreciate any help you can give. I have tried to find bad file, but to no avail.

Thanks
===============================================

DDS (Ver_09-05-14.01) - NTFSx86
Run by Pop at 21:38:42.70 on Tue 05/19/2009
Internet Explorer: 7.0....

A:Infected with Win32/Kryptik.PF and win32/Rootkit.agent.odg.trojan

It now looks like I may have been able to repair my problem. I used a somewhat haphazard, unguided approach to removal. The final solution came from AVG Rootkit removal ( http://download.cnet.com/AVG-Anti-Rootkit-...4-10662685.html ). Here is a list of all the steps I attempted. I was worried at times I could have hurt my system, but then I would have had to reinstall the OS. But, on the other hand, some internet posts I read were saying that was the only way to repair the situation. So, desperation took hold. I found my reinstall disks, just in case I needed them and proceeded.

ATF Cleaner -- Who needs temp files anyway, especially if they might have trojans, I eliminated temp files this program would find.

CC Cleaner - used this to clean out internet cache and history.

Recycler folders - I had multiple recycler folders, one that had a rundll in it. I assumed you only have one recycle bin so you only need one of these folders. I had to reset the folder view options in explorer to see all files and folders (hidden, system, etc.) I deleted the extra recycler folders I could find.

System Restore - I turned off system restore. This would erase all the previous positions I had saved. This meant I could never go back to a prior position where my computer was running good, but I didn't know how to find out if I had virus/trojan in one of these saved files. I then immediately turned back on the system restore after the old restore files were deleted.

Windows defender...


My computer is infected with Win32.Trojan.Tdss and Win32.TrojanDownloader.Agent. I've been trying to remove them with Ad-Aware but they re-install themselves. I've downloaded numerous other malware removers but the malware seems to disrupt / won't allow them to install or work. This includes the root repeal program mentioned in the preparation guide. When I attempt to run root repeal I get the following error:

04:03:06: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d8)
04:03:06: DeviceIoControl Error! Error Code = 0x1e7
04:03:06: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d8)

The most annoying thing that is happening is when I go to google something, it will redirect me to somewhere else or will throw random pop-ups at me every now and then. Also, I tried to reformat / re-install a fresh copy of Windows Vista but it seems this piece of malware makes it impossible to boot from disk.

Thank you in advance for your assistance!

Attached below is my dds.txt log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Jeff at 3:59:19.84 on Fri 08/28/2009
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1362 [GMT 9:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\...

A:Infected With Win32.Trojan.Tdss and Win32.TrojanDownloader.Agent

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


It attacked IE first. I used Ad-Aware and CCleaner. It seemed to go away. Then it came back and attacked Firefox. I used Malwarebytes' Anti-Malware in conjunction with CCleaner and it wouldn't go away. After every use, there would still be another DLL file to find and destroy, even if Malwarebytes' Anti-Malware said it was successful. Often the files that returned were different DLLs than before.

I have no Windows Explorer due to this infection. Managed to run tasks anyway and found you guys on Google when I entered in a DLL file name that I had originally found while scanning. I can't recall the name of the offending DLL... Ran the Kaspersky Scanner, and the HijackThis Scanner. All results are posted below.

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 06, 2008 03:47:06
Records in database: 1439820

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Kienzle\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 112172
Threat name 2
Infected objects 2
Suspicious objects 0
Duration of the scan 01:05:54

File name Threat name Threats count
C:\WINDO...

A:Infected; Trojan.Win32.Agent.asjk, Trojan.Win32.Monder.aane

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow...


Hi! My real-time anti-virus protection filter (ESET NOD32) has registered some virus activity for the past couple of weeks that I can't seem to get rid of:

2010-03-22 11:26:47 Real-time file system protection file I:\System Volume Information\_restore{9307B358-B690-49BE-8C17-30DE253AE1DB}\RP828\A0122539.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined NT INSTANS\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
2010-03-22 10:34:42 Real-time file system protection file E:\System Volume Information\_restore{9307B358-B690-49BE-8C17-30DE253AE1DB}\RP828\A0123560.exe a variant of Win32/Kryptik.W trojan cleaned by deleting - quarantined NT INSTANS\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
2010-03-22 10:34:36 Real-time file system protection file I:\System Volume Information\_restore{9307B358-B690-49BE-8C17-30DE253AE1DB}\RP828\A0122537.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined NT INSTANS\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.

The files (same trojan/s but different executable names after each deletion, for ex: it varies between A0005757.exe, A0005757.inf and svchost.exe and so on) keep coming back after deletion of files in quarantine. The DDS l... Read more

A:Infected by Win32/Agent & Win32/kryptik.W Trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


old sony laptop with windows xp pro sp3 intel pentium 3 with 640 MB ram

i've got some nasty bugs on my laptop. i can remove them with spybot or malwarebytes, but they come back every time i restart the pc. they are able to turn off windows firewall and symantec anti-virus autoprotect. my laptop got infected after my desktop, so both are only in safemode and off the network for now. any help would be greatly appreciated.

from spybot:
win32.delf.uc

from malwarebytes:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\llpinit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvtpm32.dll (Spyware.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azton.mt (Trojan.Agent) -> Quarantined and deleted successfully.

Here is my log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:32 AM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.ex... Read more

A:Laptop infected with win32.delf.uc, Spyware.Agent.H, and Trojan.Agent

you can close this out as i actually just did a clean reinstall of the OS. however, if anyone can help me with my other PC i'd prefer to not reinstall it as well:
http://www.bleepingcomputer.com/forums/t/207842/desktop-infected-with-trojanagent-more/

it has:
trojan.agent
adware.comet
adware.starware
trojan.dnschanger

thanks!


My computer has been infected with Win32/Rootkit.Agent.ODG trojan and Win32/Olmarik.JU trojan. AVG, ESET NOD32, and Avira couldn't delete it, and I want to delete it. It redirected all Google searches and slows down my computer. Can you please help me. Thanks ahead to anyone who can help.

Here is the HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:51 PM, on 18/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C... Read more

A:Infected with Win32/Rootkit.Agent.ODG trojan and Win32/Olmarik.JU trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.
-----------------------------------------------------------
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more


i am sorry to post a log over here, as i have read through the forum and try to resolve the problem on my own but i failed. since i had ran the comboFix, so i feel that it may be of help to post it. sorry for the trouble.. here's the log file...

ComboFix 09-07-28.06 - Bentley 07/30/2009 0:35.1.8 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3069.1872 [GMT 8:00]
Running from: c:\users\Bentley\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Install.txt
c:\windows\system32\tmp0_144047822718.bk
c:\windows\system32\tmp0_16962678345.bk
c:\windows\system32\tmp0_205418834021.bk
c:\windows\system32\tmp0_355351885288.bk
c:\windows\system32\tmp0_424346226483.bk
c:\windows\system32\tmp0_516880812123.bk
c:\windows\system32\tmp0_517948877969.bk
c:\windows\system32\tmp0_525286544717.bk
c:\windows\system32\tmp0_687442396617.bk
c:\windows\system32\tmp0_77071886817.bk
c:\windows\system32\tmp0_779592338841.bk
c:\windows\system32\tmp0_790261416358.bk
c:\windows\system32\tmp2_1075327197... Read more

A:Infected with win32/rootkit.agent.ODG trojan and win32/Olmarik.JU trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


The last two days my computer has frozen up while trying to surf around online. This seemed weird so I ran a full system scan with Symantec Endpoint both days. Both times the logs came back with no risks detected. Today I started getting Internet Explorer pops directing me to sites. I knew at this point I had an infection that Endpoint was not picking up. I disabled my network card and used another computer to download some of the suggested programs I've seen on this site. I was hoping to at least get the problem quarantined so that I would feel safe enough to enable the network card again. After running the utilities, I am not freezing when surfing web pages and have resumed using the computer. I would like help making sure that my computer is clean since Endpoint obviously isn't catching this problem. Below are the logs for Kaspersky Online Scan & DSS.

Deckard's System Scanner v20071014.68
Run by bgedeon on 2008-07-29 14:40:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as bgedeon.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40, on 2008-07-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\s... Read more

A:Infected With Trojan.win32.monder.bcb & Trojan-downloader.win32.agent.xxa

I continued to investigate on my own. Combofix quarantined some files, but did not delete them. A scheduled full system scan with Endpoint finally picked up some infections with the newest updates loaded. Symantec scan labels the infections as Trojan.Vundo and Trojan.Metajuan. Metajuan was removed automatically, but Vundo proved to be a little more pesky. Symantec offers a removal tool for Vundo on their website. I opted to try out Malwarebytes' Anti-Malware (mbam). It was able to locate the files that were in quarantine and some infected files that were in system restore. I disabled system restore to avoid any problems and mbam was able to delete all the files. After a system restart, I scanned with Symantec Vundo tool and found no further signs of infection. Mbam did a good job. Re-enabled system restore and recreated a fresh restore point. I'm hoping that this will be the end of this problem, but would still be interested in someone combing through some of my logs to see if anything was missed. I'm still a little miffed that Endpoint had not picked these infections up when they are not exactly new threats and I had the most current definitions when I ran my previous scans.


(DDS log below)

I re-installed my AV after running without it for a while and found that I had quite a few bad things going on picked up by Nod32 including (see attachment for more detail):
Win32/Olmarik.ZC
Java/TrojanDownloader.Agent.NBE
a variant of Win32/Olmarik.UL trojan
Win32/Cimag.CL trojan

I also get multiple outbound connection attempts which are at least partially being blocked by Nod32 to weird .cc .cn and a few .com domain urls, this happens after performing a google search. Also getting some browser redirects going on and homepage changes.

I tried setting nod32 to pre-release updates and performing a full scan, this picked up the above and removed them, but after a reboot there are still things going on. Before reading the steps on this site, I ran the latest ComboFix twice which picked up a rootkit in intelide.sys both times, but appears to come back each time. While I disabled nod32 when I ran ComboFix, it re-enabled upon reboot automatically, not sure if that matters.

I've also been getting a startup delay of around 1 minute after logon, in this time, nothing appears to be going on (no apparent CPU or disk activity), but wireless, AV and other startup items do not run. Then a minute later, everything fires up.

I've tried running GMER several times but this keeps giving me a BSOD with IRQL_NOT_LESS_OR_EQUAL

Last scan with nod32 came up clean but still getting outbound connections and browser redirects.

Looking to sort this out once and for all!

DDS (Ver_10-03-17.... Read more

A:WinXP rootkit? problem + Win32/Olmarik.ZC Java/TrojanDownloader.Agent.NBE a variant of Win32/Olmarik.UL trojan Win32/Cimag.CL t...

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
----------------------------------------------
Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perfor... Read more


Athlon AMD pc Windows XP Service pack3

My F-Secure antivirus keeps warning me about malware, e.g. koobface, but can only deal with it by renaming it. Spybot and Malwarebytes have identified Win32.agent.pz, Win32.BHO.je, and virtumonde.dll (among others). I have tried turning off System Restore and have used Safe Mode but all to no avail as they keep returning.
I have downloaded Hijack this so could post a log if required.
Any help would be much appreciated. Thank you.
 


Just yesterday I appear to have found contracted a virus. No matter what method I use to remove it, every time I restart my computer, it is back. Hopefully someone will be able to help me. Per Ad-Ware, this is what was found:
Trojan.Win32.Generic!BT - c:\windows\system32\d-link_st3402.dll
Win32.Trojan.Agent - c:\windows\system32\d-link_st3402.dll

I ran the MiniToolBox and have attached the results of that. I tried running going into safe mode and running RKill, then SAS, then rebooting into normal mode and running MBAN but it always seems to come back. I also attached the MBAN log as well.

I hope someone can help, otherwise it looks like a long night of reformatting is ahead of me......

A:Infected with Trojan.Win32.Generic!BT & Win32.Trojan.Agent

Since we're dealing here with ZeroAccess rootkit....

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


I have a nasty infection that has taken over my machine and which I cannot remove. The infection seems to hijack the google page and any links that I click from this page take me to what appears to be rogue websites, which want me to download their stuff.

I am currently running ESET Nod 32 and Ad-aware Anniversary Edition. Both these programs are picking up the trojan infections but are unable to clean.

I have tried to install malwarebytes but have been unable to do so. I did try changing the exe name of malwarebytes (as advised on this site) but the program does not fully complete the installation.

I have downloaded the DDS tool, ran the scan and have now attached the log to this post.

Also here is a copy of the Ad-aware scan log (I did not complete the scan due to the computer constantly crashing):

Logfile created: 10/06/2009 18:19:4
Lavasoft Ad-Aware version: 8.0.5
Extended engine version: 8.1
User performing scan: SYSTEM

*********************** Definitions database information ***********************
Lavasoft definition file: 148.49
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 70104
Objects detected: 7
Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 6
Folders.........: 0
LSPs............: 0
Cookies............ Read more

A:Infected with WIN32 Trojan Agent and WIN32 trojan TDSS

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
Close all other ope... Read more


Hello,

I am on a laptop running Windows 7 and a couple of days ago, Ad-aware found two viruses: Trojan.Win32.Generic!BT & Win32.Trojan.Agent - see details on quarantined items pasted at the bottom of this note. I've tried numerous times to remove the viruses by rebooting, as recommended, and rescanning, but it's only gotten worse. I can now no longer access most of my programs, including any virus scan programs (Adaware, Malwarebytes). I was able to download RKill but when I try to run any of the different versions nothing happens - have tried renaming with no success. When using Internet Explorer, Google search is redirected to other sites. I've tried using safe mode with the same results.

Please let me know if you can help? Here's the virus scan log from a few days ago, when I was actually able to run Adaware.

Thanks in advance!!

Scan Log:

Quarantined items:
Description: c:\programdata\f4d55f3b0001577a000a86a2b4eb2367\f4d55f3b0001577a000a86a2b4eb2367.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 7f544794965c873108012225055eafd6
Description: c:\windows\assembly\gac_32\desktop.ini Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Reboot required Item ID: 1 Family ID: 0 MD5: 878F9B6DA85CB98FCBDF6ABD1730A32F
Description: c:\windows\assembly\temp\u\[email protected] Family Name: Trojan.Win32.Generic!BT Engine... Read more

A:Infected with Trojan.Win32.Generic!BT & Win32.Trojan.Agent

Hello, let's see if we can do these. If RKill still fails, move on.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the informat... Read more


Good evening,
After browsing a restaurant review forum, I "picked up" adware.win32.webhancer, which I tried to remove with F-Secure. This morning I ran a full scan of the computer while disconnected from the internet, and I find myself with 9 viruses on the PC.

Trojan-spy.win32.agent.beaf
Trojan-spy.win32.agent.bdzz

and now it is impossible to remove them. F-Secure detects them but does not quarantine or clean them.
I booted from CD with Bitdefender but it finds nothing.
Thank you for your advice and help.
Regards,
Thierry

A:adware.win32.webhancer/Trojan-spy.win32.agent.beaf and .bdzz

Hello and welcome .. Sorry I do not speak French and hope you can understand this English.
EDIT: if you need French please let me know.

I see your infection and want to do another scan ..

Run...

TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checke... Read more


Hi there,
Sorry for this repetitive question but I'm new to antivirus forum discussion. I'm trying to get rid of the above mentioned malware/virus. I've tried running webroot, Symantec endpoint, and smitfraudfix in safe mode (webroot and symantec were run one at a time while the other software was disabled).
Webroot and symantec found and quarantined a few threats but I ran KASPERSKY ONLINE SCANNER 7 REPORT which identified these threats still found in my computer.
C:\Program Files\GetPack\GetPack27.exe Infected: not-a-virus:AdWare.Win32.Agent.jok 1
C:\WINDOWS\system32\wpv791232083449.cpx Infected: not-a-virus:AdWare.Win32.Agent.jok 1
C:\WINDOWS\system32\xxyyxwxY.dll Infected: Trojan.Win32.Monder.aort 1

The Getpack27 folder I deleted but who knows if it will return.

Don't know how to get rid of the other two threats - Trojan.Win32.Monder.aort and not-a-virus:AdWare.Win32.Agent.jok.

Ran Hijack this and the log result is the following:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:32 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Syma... Read more

A:Trojan.Win32.Monder.aort and not-a-virus:AdWare.Win32.Agent.jok

Hello, ahns75
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

Please follow the instructions located here:

http://www.techsupportforum.com/f50/...lp-305963.html

Then reply back with the generated reports.

In your next reply, please include the following:
DDS.txt
Attach.txt (Zipped and attached)
Ark.txt (Zi... Read more


Hi, I'm a newbie and this is my first post. Thanks ahead of time for existing and for helping me!

My computer is an HP, AMD Athlon 64x2, 1.0GB RAM, WIN XPsp2 desktop with lots of virus/Trojan/adware/malware

Not sure where they all came from but the surfing the web for fantasy football stuff yesterday morning and landing on www.athlonsports.[com] or www.grogansports.[com] was the final virus that started me crashing and generating the wonderful "Error Message: Stop c000021a {Fatal System Error} The Session Manager Initialization System Process..."

After failing to reboot multiple times and not being able to use my XP recovery disks, the computer loaded up somehow in Normal Mode. I disconnected from the Internet and I ran Avast! Antivirus before it crashed again and it found the following virus/etc.

Found by Avast! Antivirus
JS:Redirector-B[Trj] in a temporary internet file
WMA:Wimad[Drp] in a temporary internet file
"Win32:Monder-GB[Trj]" in "c:windows\system32\opnmlccs.dll" file
"Win32:Trojan-gen{Other}" in "c:\Windows\system32\prunnet.exe" file
"Win32:adware-gen[Adw]" in a program that came with computer that I've never used: C:\program files\online services\peoplepc\isp5900\branding\ppal3ppc.exe\$instdir\ppcttoolbar.dll

I deleted/quarantined those viruses and tried to do a system restore to a couple days before and it wouldn't let me do it although I had just saved a system restore on 12/31. And t... Read more

A:Win32:Monder-GB[Trj], Win32:Trojan-gen{Other}, Adware.PopCap, Trojan.Vundo, Trojan.Agent and more

Seneka Rootkit

Please read this post by Quietman7
http://www.bleepingcomputer.com/forums/ind...t&p=1074915
and tell us how you want to proceed.

You might want to proceed with a partial cleanup so you can finish backing up those pictures


MY PROBLEM
==================================================
i was using win xp sp1 since may 2005. my system was very clean.. yesterday due to a crash i had to re-install the windows so i switched to sp2.. then i used a flash stick of a friend. that has viruses and my kasper AV was not updated that time to detect them.. now i have updated my kasper AV it has detected some viruses and removed them.. they were

1. svchost.exe in windows directory
2. RavMon.exe in every partition of my disk
3. trojan.win32.agent.abt
4. email-worm.win32.brontok.q
5. win32.hidrage.a (kasper AV) also known as win32/jeefo
6. MDM.exe in c:/windows

where it says open & explore there are some strange symbols...
those symbols are still there and when i double click any of the partitions to open it... it opens a dialog box saying " open with" choose the program to open the file c:/ or D:/ .......

here is screenshot


yea and another problem. i can't see hidden files.. when i enable show hidden files. and click ok
but again don't show hidden files option is selected..
other than this i haven't noticed anything else.

im hopeful that i will get good response
thanks in advance..
========================================================
LOGS
========================================================
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-10 19:44:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Run...

A:many probs. AV found. trojan.win32.agent.abt, win32.hidrage.a etc

hi guys.. im still waiting for the reply... so i can avoid formatting...
or shall i go with formatting??

RELEVANCY SCORE 218.4

Some time ago i have noticed popping up advert (Shoot 5 iPhones) when i was exploring "home page" on my web browser. At the beginning i thought that this is one of the normal adverts but this situation have been taking too long in my opinion. So i decided to research the internet and have found some threads about rootkits/malwares/trojans.
Before i have found the guide "First Steps" i had used Malwarebytes software (full scan done: Registry Keys infected: 1, Files Infected: 1) and ESET online scanner (Adware.ADON, Agent.CAFVEUT trojan). I have removed/deleted infections under Malwarebytes only. Then i have followed the guide "First Step" (prepared system to scan, downloaded DDS, GMER, Combofix).
Then i run DDS, GMER, Malwarebytes (taking no action).
Generally, excluding annoying popping up advert i have noticed nothing suspicious (sometimes slowing down system and quite often router's hangs/disconnections)

I have HP laptop with recovery partition.
I do not have access to Windows Install Disc/Boot Disc.

Recently i read some articles about cyber crimes. I am terrified.
I definitely need HELP.

--------------------------------------------------------------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by Piotr at 16:09:07,85 on 2010-09-16
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1033.18.1014.393 [GMT 1:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9...

A:Win32/Adware.ADON , Win32/Agent.CAFVEUT trojan

"BUMP, please"

RELEVANCY SCORE 218.4

I did my best to follow the pre-posting instructions and there's still the same issues as before.
Please help me fix this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:00 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\fpsuqsiw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svch...

A:Win32.trojan.agent, Win32.trojandownloader.zlob, Pe_trats.a

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.

Apologies for the late response, as i'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note* Post all reports/logs directly into this topic, not as attachments, thanks.

RELEVANCY SCORE 217.6

I have printed off the new instructions - read this before posting for malware removal help. I have started following the directions. I download and run gmer rootkit scanner. I follow the instructions exactly but every time it gets to a certain point of scanning it closes down completely. I try to run my computer in safe mode of any kind and I can not do so at all. I have Charter Security Suite. I have uninstalled it and run Avast for home the free one, spybot seek and destroy (which took care of 59 things the others didn't). None of them will get rid of the Trojan-Proxy.Win32.Agent.bpi that is at: C:\windows\system32\lsp.dll I also have a virus that redirects my google links.

I have the DDS logs available but nothing else. I don't know what to do or where to go.

Any and all help is greatly appreciated.

Marlene



DDS (Ver_09-06-26.01) - NTFSx86
Run by Marlenes at 11:14:07.65 on Thu 07/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1514 [GMT -4:00]

AV: Charter Security Suite 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 8.02 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program F...

RELEVANCY SCORE 216

ok man. now lets get ready to kick these unwanted ***** out of my comp.

BEFORE u read on, please pardon my emotional language.... ( including some strong language). im trying my best not to be emotional...

i am providing as much information as possible. so please help me.... thanks in advance!

_______________________________________________________

DAMN! after i downloaded a keygen, i got a damn trojan.... man that sux. shouldnt have done it....

now i really dunno WAT to do with the trojan in my comp now.

SYMPTOMS
1. i cannot open some programs like mIRC ( very safe. no virus etc )

However, i still can do the following
1. surf the web ( to seek help here!!! )
2. use virus scanners and such
3. boot up normally

_________________________________________________________

here is my hijackTHIS! log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:12:23 AM, on 9/3/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explor...

A:Virus.Win32.Virut + Trojan.Win32.Agent.bck

Another solution i tried

i was recommended by some guy from another forum to try the free kaspersky online scanner. so here are the results
WARNING! below is a very very long scan log of a whopping 749 files infected. its so long, that i have to post it in 2 posts. the log originally had 63374 characters. but only 30000 characters are allowed.

Sunday, September 02, 2007 9:04:59 AM
Operating System: Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/09/2007
Kaspersky Anti-Virus database records: 402384
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Andrew\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 13660
Number of viruses found 7
Number of infected objects 749
Number of suspicious objects 0
Duration of the scan process 00:16:43

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\pft74~tmp\Reader\AcroRd32.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32...

RELEVANCY SCORE 214.4

This virus was unknowingly attached to a game that was downloaded on my pc. I am using a different pc to post here as the virus prevents me from launching websites that offer support for its removal. Other posts that I have read recommend running an online scanner from eset. Unfortunately, for me, this would be one of the many sites the virus prohibits me from accessing. If I attempt to locate a help site from a search engine, I am redirected to other random sites. If I manually type the URL of a help site in the address bar, the site is blocked.

I was able to run HijackThis and am providing this log. Any assistance that you can offer will be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:04 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec AntiVirus\...

A:Trouble With Virus: Win32.agent.gvu / Trojan.downlader.agent.aejp

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.
