
"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Q: "Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Must have got these a week ago. Noticed after my Google search result links would bring me to ad sites half the time.

RELEVANCY SCORE 200

A: "Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom

RELEVANCY SCORE 216.4

Both of these trojans found through AVG. First, Backdoor.Generic11.BBDE a couple of weeks ago, now Crypt.HOS. All moved to Virus Vault except for file c:\windows\system32\drivers\asyncmac.sys; AVG states object is white-listed (critical system file not to be removed). I Googled to research these and it's made me worried/paranoid about all the banking and bill paying I do online. One site said to change all passwords via another computer. Should I? I've gone through my Add/Remove Programs and do not see anything unusual installed.

I have a Dell Desktop Dimension 2400 40GB hard drive, 1 GB RAM, Windows XP Pro Version 2002 SP3, Intel Pentium 4 2.66 GHz.

I installed, uninstalled, and reinstalled three times Malwarebytes Anti-malware and keep getting "Error 703, 0, 13".

My Hijack This log follows. Any help and advice is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:01 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a....

RELEVANCY SCORE 204

I have 2 trojans, Trojan horse Generic5.GUH, Trojan horse BackDoor.Agent.IQL, would like to remove. I have external hard drive. Could not run the online scans except stinger, house call made a loud bleeping noise? Laptop used for sensitive stuff banking etc. Will change passwords on other machine.

Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:43 PM, on 24/07/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\eh...

A:Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Hi mrpugowski,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

RELEVANCY SCORE 197.6

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't (that is, until you scanned with their program and it would take control of your computer at the worst of times). The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried. Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou...

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

RELEVANCY SCORE 195.2

Hi,

I've run SpyBot and AVG Anti-Virus programs and Trojan Horse BackDoor.Generic11.HCO (corresponding to C:\Windows\system32\ativvax.dll) and several tracking cookies are picked up. Yet, I'm still not able to remove the listed items. Can anyone assist me?

A:Trojan Trojan Horse BackDoor.Generic11.HCO and Tracking Cookies/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

RELEVANCY SCORE 193.2

Trojan horse SHeur2.BEKQ infecting bogogife.dll and Trojan Horse Generic14.AXEW infecting logon.exe

I was minding my own business on the net and the resident shield alert pops up telling me I have infections... I clicked to try to delete them and it said it wasn't recommended. So here I am again... I seem to get infections a lot and don't know what I'm doing wrong. Please Help

Here are the documents requested:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Twiss at 17:53:58.56 on 17/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1261 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\New Java\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOW...

A:Trojan Horse SHeur2.BEKQ & Trojan horse Generic14.AXEW

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 189.2

Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *E...

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please

RELEVANCY SCORE 189.2

Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

RELEVANCY SCORE 188.8

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ...

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

RELEVANCY SCORE 188

Hi,

A couple of days ago Winpatrol & AVG resident Shield detected Trojan Horse Backdoor.Generic11.JAA it seems partly associated to a file (uninstall.exe in the startup program folder)

Whatever I tried to do to get rid of the file, it just gets recreated instantly. On a full system scan Malwarebytes doesn't seem to detect anything and neither does AVG on a full virus scan. But the AVG Resident Shield does catch it (Detected on Open).

Disabled System restore and launched all the protection tools I had in regular or in safe mode (AVG, SuperAntiSpyware, Malwarebytes' Anti-Malware, Spybot..), even tried to "Fix" the file with HijackThis. Nothing seems to work.

Uninstall.exe just reappears and AVG resident shield & Winpatrol warn me that it found the threat again On Open.

Does anyone know how to get rid of this problem? I ran out of ideas.

Below is the Hijackthis.log ... Anyone has an Idea how to fix this?

Thanks

A:Trojan Horse Backdoor.Generic11.JAA

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 188

Greetings,

Recently my AVG 8's resident shield has picked up multiple threat detections that are exactly the same, for example the screen would look something like this:

File Infection Result
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
................................................................................................................................................................

The list extends even further gradually.

To try and resolve this problem I have tried to quarantine/remove/heal the Trojan, however it keeps coming back.

Opening my control panel seems to stimulate the production of this trojan, as more detections appear on my AVG's resident shield.

My laptop runs on the Windows Vista Home Premium

Below is my laptop's...

A:Trojan horse BackDoor.Generic11.ZNE

I too am having this problem, it's really annoying to deal with. anyone have a fix? besides uninstalling AVG that is.

RELEVANCY SCORE 187.2

I went away for a couple days, came back and found these. AVG can't remove them, says they're whitelisted. Symptom is, every time I try to google the file names I get redirected, and I keep getting a windows security asking if I want to unblock stuff.

Thanks, Tom

A:"Trojan horse generic22.BEWG" and "Trojan horse BackDoor.Generic13.BKVZ

Looks like you have a redirected infection. Have you tried running Malwarebytes yet?

RELEVANCY SCORE 186

Greetings,

Recently my AVG 8's resident shield has picked up multiple threat detections that are exactly the same, for example the screen would look something like this:

File Infection Result
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
C:\Windows\System32\hjgruiuoujbkgs.dll Trojan horse BackDoor.Generic11.ZNE Infected
................................................................................
................................................................................
The list extends even further gradually.

To try and resolve this problem I have tried to quarantine/remove/heal the Trojan, however it keeps coming back.

Opening my control panel seems to stimulate the production of this trojan, as more detections appear on my AVG's resident shield.

My laptop runs on the Windows Vista Home Premium

Below is my laptop's model information:

Manufacturer: Hewlett-Packard
Model: HP Pavilion dv9500 Notebook PC

I really hope that someone could help me with this and thank you for your time.

A:Problem with Trojan horse BackDoor.Generic11.ZNE

Backdoor Trojans can be very dangerous.

RELEVANCY SCORE 186

I hope someone can help me. AVG is reporting that my machine is infected with BackDoor.Generic11.ZNE. I've tried to get rid of it with AVG but it just keeps reinventing itself. On occasions Windows shuts down telling me it's to protect itself.
I've also tried MalwareBytes but that keeps freezing about 5 minutes in.

I'm running Vista Home with SP1.
Intel® Core™2 Duo CPU E4500 @ 2,20GHz

Any help would be gratefully received.

A:Trojan horse BackDoor.Generic11.ZNE Infection

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.

Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.

If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension

Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.

Right-click on mbam.exe, rename it to myscan.exe.
Double-click on myscan.exe to launch the program.

If that did not work, then try renaming and change the .exe extension in the same way as noted above.

Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.

If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs ta...

RELEVANCY SCORE 186

As the title says...What is it? I've had it locked away in the AVG Vault for a while. I just want to know what it can do.

A:What is Trojan Horse BackDoor.Generic11.ATJR?

What is a Backdoor Trojan?
What is a Botnet?
What is an IRCBot
What Is A Rootkit? - To learn more about these types of infections, you can refer to:
What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit
The Difference Between a Virus, Worm, Trojan Horse and Blended Threats
What is the difference between viruses, worms, and Trojans?

RELEVANCY SCORE 184

Hello,

I am using Windows Vista on a Dell laptop, and I've been using AVG for a long time. Recently, I began receiving numerous reports from the resident shield informing me of infections in System 32 files (mostly executable ones) and even some in my AVG executable files. Resident Shield informs me that the infection is titled Trojan horse BackDoor.Generic11.ZNE. I've read some other help people have gotten from this site, but it was highly recommended that I write my own topic. How do I get rid of these infections? They continue to return no matter how many I remove. The Resident Shield says the files are C:/Windows/System32/geyekrixjteljc.dll -- If there's anything you can do to help me, it would be much appreciated.

Thank you.

A:help with trojan horse backdoor generic11.zne virus [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

RELEVANCY SCORE 184

AVG found and "removed" six infections during my daily scan. I uninstalled my spam filter (by Codeode), which seemed to be the source of, or harbor for, the infections. They were found again last night (see below). Any ideas? I'm wondering why AVG didn't catch and prevent the infections in the first place. From what I've read, they seem bad. THANK YOU.

AVG Scan History - Infections Detail
"C:\Documents and Settings\Administrator.HOME\Application Data\com.codeode\Cactus Spam Filter 2.13\training\107B4E6E60547F1F630E352B01624A33645856D0";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator.HOME\Application Data\com.codeode\Cactus Spam Filter 2.13\training\107B4E6E60547F1F630E352B01624A33645856D0:\D1074a060.zip";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator.HOME\Application Data\com.codeode\Cactus Spam Filter 2.13\training\107B4E6E60547F1F630E352B01624A33645856D0:\D1074a060.zip:\D1074a060.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator.HOME\Application Data\com.codeode\Cactus Spam Filter 2.13\training\45337C5D5A0733430F6B04741239141559272860";"Trojan horse BackDoor.Generic11.ALD...

RELEVANCY SCORE 184

Good morning,

I am currently running Windows XP and am having trouble with trojans. After scanning with AVG (free 8.5) last night, I received a warning about several trojan infections. AVG was able to remove all of them but six. These are all Trojan horse BackDoor.Generic11.ZNE. They are located in the following files:

C:\WINDOWS\SYSTEM32\rundll32.exe (6068)
C:\WINDOWS\SYSTEM32\svchost.exe (1156)
C:\Program Files\AVG\AVG8\avgscanx.exe (2980)
C:\Program Files\AVG\AVG8\avgui.exe (1544)
C:\Program Files\AVG\AVG8\avgcsrvx (6020)

All these locations are copied directly from the AVG results screen.

The only apparent effect of these trojans is that, once every five minutes or so, a page will open in Internet Explorer to a random advertisement ("find your old classmates," "erectile dysfunction," "hot college girls," and that sort of thing). I have both IE and Firefox on my computer, but I only use Firefox for browsing and nothing that I can see has happened to it. Aside from this, I have observed no changes to my computer or my browsers. In order to prevent the popups, I have disabled the Internet connection on the infected computer, but have taken no other action.

A:Multiple Trojan horse BackDoor.Generic11.ZNE infections

I have a new development. When I run a Google search for anything, I cannot follow the resulting links. I click on a result link and instead of opening it, a new tab opens to a "virus removal" site and the original tab does nothing. This happens only in Firefox. IE will not bring up a search engine at all.

RELEVANCY SCORE 184

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~...

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok. We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Read other 1 answers
RELEVANCY SCORE 183.6

I have 1 internal HD and 3 external HD's. I downloaded a program and it ended up being a trojan horse (as per AVG) psw.agent.xrm / sheur2.nml. Now every time I go to "My Computer" and click on any of my Hard Drives I get the following error The AVG is still running a scan of the last external HD and the internal HD as I am typing this. I read somewhere that it needs to be removed a different mean, other than AVG. So here I am.

Here is a copy of the DDS file and I will attach the "attach" file. Will I be able to clean the external hard drives from this trojan? The internal hard drive I can re-install windows if needed (I prefer if we can avoid this). The external ones I need all the info that is in there, is my work files. Thank you in advance.

DDS (Ver_09-01-19.01) - NTFSx86 Run by Alicia at 0:13:02.81 on Thu 01/29/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1470 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *disabled*

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NOVADE~1\MEDIAN~1\INSTAN~1\Win2K\IBu... Read more

A:Trojan Horse psw.agent.xrm / sheur2.nml

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ... Read more

Read other 3 answers
RELEVANCY SCORE 183.6

Hi, thanks for taking a look. AVG says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH. I have no idea how dangerous these are. I think they have been on my laptop for a week or so.
How do I remove them?
Many Thanks
MrP
 

A:AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH

bump
 

Read other 1 answers
RELEVANCY SCORE 183.6

I have been struggling with this for a couple of days now. Some kind of malware(?) that keeps warning me that I have a virus and need to buy their antivirus software. I have used Adaware, SmitFraudFix, Vundofix, CCleaner, and Ewido which seemed to find and clear a bunch of stuff. I thought I had got rid of it, but it keeps coming back. I seem to have gotten rid of some of it though as I'm not getting the "warning" messages all the time. My AVG keeps telling me I have a trojan (Trojan horse Dropper Agent.BTI and Trojan horse Pakes.U) but can't seem to fix it. I have no idea what to do!! Please help!

A:malware Trojan horse Pakes.U/Trojan horse Dropper Agent.BTI

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\ewido.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Di... Read more

Read other 17 answers
RELEVANCY SCORE 182

Hello,

I am running Windows Vista Home Edition and have been struggling with a bunch of viruses. Currently, all I have left is 'Trojan horse BackDoor.Generic11.ZNE' and virus 'Packed.Monder'.

I have removed a bunch of viruses already with Malwarebytes Anti-Malware and SuperAntiSpyware. The ones I remember are Win32\Cryptor and Generic13.(something). There was also one that had rootkit in the name, but I can't remember the full name.

I've got the virus using FireFox or IE, not 100% sure. I think I had IE on my hotmail and had 2 firefoxes, one searching for game related stuff and the other for porn (guess that's the virus one).

Before I removed the first 3 viruses/malware, google would not work for me, searches would return blank pages. Eventually, I found out that by going on advanced search I could bypass the virus and search for information about it. I would also have IE opening sometimes with publicity links. Now all the internet functionality seems to work fine.

I used ComboFix too, and it found a bunch of stuff, of which I am pretty sure one is a keylogger. For that reason, I created a new hotmail account to register to this website and will probably not use my real account on this computer anymore until it is safe to do so.

Currently, AVG8.5 Free Resident Shield alert keeps telling me about the file C:\Windows\System32\hjgruirhlshwmp.dll (infection Trojan horse BackDoor.Generic11.ZNE) and C:\Windows\System32 ... Read more

A:Trojan horse BackDoor.Generic11.ZNE and virus Packed.Monder

Please download RootRepeal Rootkit Detector and save it to your Desktop.

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.
* Create a new folder on your hard drive called RootRepeal (C:\RootRepeal) and extract (unzip) RootRepeal.zip. (click here if you're not sure how to do this. Vista users refer to this link.)
* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the Files tab, then click the Scan button.
* In the Select Drives, dialog Please select drives to scan: select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".

Read other 5 answers
RELEVANCY SCORE 180.4

I have read that several people also have trojan horse agent.AABY and trojan horse agent.AACL like I do. Is there a straight forward solution?

There is AVG 8.0 free, SpyBot Search and Destroy, and Malwarebytes on my computer up to date and are getting run many times a day. I have searched hidden files and run all programs in safe mode as well. It keeps coming back!

Please help, this is driving me crazy.

A:Trojan Horse Agent.aaby And Trojan Horse Agent.aacl Infection

They are finding nothing? Have you tried scans from Safe mode with the AVG and SpyBot? MBAM is stronger in normal mode. Do you have SpyBot's Teatimer function enabled? Sometimes that will interfere with a scan. Here's another tool to run...

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows... Read more

Read other 10 answers
RELEVANCY SCORE 180.4

One of my computers is infected and I need help. I ran Hijack This and it created a text file. I will post it below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:38 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcs... Read more

A:trojan horse sheur2 and trojan horse vundo

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

Read other 2 answers
RELEVANCY SCORE 180.4

Hello, I need help with this virus, as it has infected my core system files, namely
C:\WINDOWS\system32\drivers\ntfs.sys with Trojan Horse Rootkit-Pakes.M
C:\WINDOWS\system32\braviax.exe with Trojan horse Injector.FH
C:\WINDOWS\system32\dllcache\fiagaro.sys with Trojan horse BackDoor.Generic11.AINT
and a non core system file
C:\Documents and Settings\Leon\msword98.exe with Trojan Horse Crypt.GHK

as reported by AVG. Windows failed to boot because of the ntfs.sys file missing and I had to replace it from disk, and I think it has been corrupted. I googled a bit. Is the Injector the source of the virus?
I also need help, as HijackThis cannot install. When I press install, the program seems to unpack HijackThis, but the program HijackThis itself does not work. Will try to get a log of it.
thanks in advance.
 

A:XP Trojan horse Rootkit-Pakes.M , BackDoor.Generic11.AINT and Injector.FH

Read other 13 answers
RELEVANCY SCORE 178.4

Hi there,

My computer is infected and restore points have been deleted by the invaders, so I'd really appreciate your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:52, on 2009-08-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\Syste... Read more

A:Infected - Trojan horse Rootkit-Pakes.M, BackDoor.Generic11 and braviax.exe virus

Read other 16 answers
RELEVANCY SCORE 174

Hello,
I have run Superantispyware, AVG antivirus and AVG antispyware on my PC. AVG has detected Trojan Horse Backdoor Generic6 AMA and Trojan Horse IRC Backdoor Sdbot2 REN and XIN. That is it, however I feel something is still in me (strange outgoing traffic). Could you pls check my HJT log and say if everything is OK or not?

Thanks!
 

A:Trojan Horse Backdoor Generic6 and Trojan Horse IRC Backdoor Sdbot2

Read other 12 answers
RELEVANCY SCORE 172.4

We have a new computer and I have downloaded adaware and AVG and ran it.

We are still getting a pop up from AVG Resident Shield every time we get on that says:

C:\Windows\system32\sqlldl.doll

Trojan horse BackDoor.Agent.BA

It won't let you quarantine, delete or heal it.

I saw a similar post on this, but did not even begin to understand it.

I was hoping someone could give me some "baby step" instructions on how to take care of this.

Thank you for any help.

It is Windows XP
 

A:Help with Trojan horse BackDoor.Agent

Read other 13 answers
RELEVANCY SCORE 172.4

Hi guys,

I keep getting the AVG resident shield giving me a message saying that it has found the above virus in C:\WINDOWS\system32\sql.dll. The problem is I can't find the file on the computer!
I have view all files enabled and it's blatantly not there.

Any ideas?

TIA

Jimmy
 

A:Trojan horse BackDoor.Agent.BA sql.dll

Read other 6 answers
RELEVANCY SCORE 172.4

please help me!

Hello~I'm new here

I got a problem with my pc. My firewall found a trojan horse in my pc. It is called backdoor win32. agent ahj and my 7E49858CT.EXE and 7E49858C.EXE data is infected with that. These datas are located in my windows\system32 folder.
Are these datas important for windows xp? Or can I delete it without having any problems afterwards?
and how to get rid of the trojan horse?
Please help me!!
and sorry for my poor English

-Thanks for reading-
 

A:trojan horse--backdoor agent ahj

Welcome to TSG....

To download HJTsetup.exe from SpyKiller To Download HijackThis go to the following at the File Repository
Click on the button for Download to the right of HijackThis Self Installer:

http://www.thespykiller.co.uk/index.php?action=tpmod;dl=item5

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
Come back here to this thread and Paste the log in your next reply. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
A security expert with a gold shield to the right of their name should take a look at your log - please be patient.
 

Read other 2 answers
RELEVANCY SCORE 172.4

Trojan horse backdoor.agent.NRB virus. Unable to delete hidden file.

All of the following has been done when logged on as administrator.
I recently attempted to install Nero 7 on a Windows XP Pro SP2 system, the install failed with an error "unable to create c:\windows\system32\nerocom.dll file". Subsequent investigations have led me thru a mine field of strange issues.

I have discovered:
- I cannot create any file (under any folder) with a name "xxxCOM.dll", even a simple text file from Notepad can't be saved with a name containing "com.dll" - I get the same error as with the Nero install. I can create files with names like "xxxCOM1.dll, xxxCOM2.dll" but not "xxxCOM.dll". If I do create one with "xxxCOM1.dll" I can rename it as "xxxCOM.dll" from Explorer and this seems to work, if I then "right click" on the file and try and open the file I get an error "file does not exist" yet it is still showing under Windows explorer.
- I cannot display the security property information for any file on the system that has a name "xxxCOM.dll"

I then tried a variety of virus and spyware tools, with the following results
- Win Defender - nothing
- SpyBot - nothing
- AVG - continually pops up a threat warning "Trojan horse backdoor.agent.NRB in file c:\windows\system\COM.dll" but AVG can't heal the problem
- NOD32 - does not detect a virus in the file c:\windows\system... Read more

A:Trojan horse backdoor.agent.nrb

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

------------------------------------------------------


Quote:




I am thinking of trying the following rather radical step as a way of deleting this mysterious "COM.dll" file

- create a new folder "system32new".....

Any comments on this strategy.




Please, please, please do not do that. Post the logs and I will help you.

------------------------------------------------------

Please follow our 5 Step process outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 3 answers
RELEVANCY SCORE 172.4

My Operating System is 98 SE. I have a trojan horse virus. AVG names it Trojan horse BackDoor.Agent.PTX. It is stored in my C\Windows\TEMP folder. How do I get rid of this?
 

A:Trojan horse BackDoor.Agent.PTX

Hi, Welcome to TSG!!
Restart in Safe Mode.

To boot up in Safe mode, continuously tap the F8 key while starting your computer.
You should see a black screen displaying the Windows Advanced Menu Options.
Using your keyboard's arrow keys, select Safe mode, then hit Enter.
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Restart your machine in normal mode.
 

Read other 1 answers
RELEVANCY SCORE 172.4

Please help, I'm desperate! AVG tells me I have this virus but it will not remove it. The file come.dll is nowhere to be found. What can I do? Here is my hijack this log. Thanks in advance!

Virus
Trojan horse BackDoor.Agent.BA

is found in file
C:\WINDOWS\system32\come.dll

Logfile of HijackThis v1.98.0
Scan saved at 6:30:34 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\MSAC-FD1\MSstat.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Mary\D... Read more

A:Trojan Horse BackDoor Agent.BA - HELP!!!

Bumping up. Still hoping for help.
 

Read other 3 answers
RELEVANCY SCORE 172

Hi all,

First off I'd like to say that it is very noble of you professionals who volunteer your otherwise precious time in helping out clueless people like me with their computer problems. I'll greatly appreciate any help I can get.

Well the situation is as such, recently I started my new job at a new workplace. And I believe the previous employee went to certain undesirable websites and was not aware of the implications to the computer terminal.

I installed an anti-virus programme (AVG), for safety purposes, and almost instantly it detected these trojan horses in the system.
Trojan horse Lop.4.k
Trojan horse BackDoor.Hupigon3.wyw
As my workplace is an off-site location, I do not have tech support. The computer is also unnaturally laggish in starting programmes. I have tried running AVG both in safe and normal mode but to no avail.

Also, I apologise for not being able to attach the Panda scan log but for some reason this terminal does not allow me to scan it via Panda scan.

Without further ado, here is the DSS log:


Deckard's System Scanner v20071014.68
Run by AdminNUS on 2008-06-10 11:39:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as AdminNUS.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:39 AM, on 10/06/2008
Platform: Windows XP SP2 (W... Read more

Read other answers
RELEVANCY SCORE 171.6

AVG keeps popping up with Trojan Horse Agent.EX & Trojan Horse Clicker. When I tell AVG to do anything, it says 'Requested action is not available for this object. Access to the file has been denied.' I keep getting porn sites added to my favorites list, and occasionally get a blinking yellow shield with a black exclamation point in my taskbar. Half the time when I click on websites I don't go to the website I get taken to some other stupid site. Have run Ewido, Ad Aware, Spybot, and AntiVir.

Logfile of HijackThis v1.99.1
Scan saved at 1:28:00 PM, on 11/22/2005
Platform: Windows XP SP1
MSIE: Internet Explorer v6.00 SP1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\... Read more

A:Trojan Horse Agent.ex & Trojan Horse Clicker

Please do both of the following before we start if possible!:
1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

At the moment you may feel like you battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was
_____________________
Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
_____________________
Go to add/remove and uninstall UnSpyPC
_____________________
With IE closed, run Hijack This again. Put a checkmark on these entries and hit "fix checked":

O4 - HKLM\..\Run: [dmkqv.exe] C:\WINDOWS\System32\dmkqv.exe
O4 - HKLM\..\Run: [dmpme.exe] C:\WINDOWS\System32\dmpme.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O9 - Extra button: Quik - {06B3FCA0-E208-4E3F-BC4D-392EC157720D} - http://www.azob.quik.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.azob.quik.com
_____________________
Boot into Safe Mode
Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle... Read more

Read other 18 answers
RELEVANCY SCORE 170.4

Hi,

I have a virus that my AVG software picks up - but the virus reappears every time I go back on the internet. Help please.

It appears in two locations - C:\Temp\1652269122.exe

and

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\S95ZXGSE\mun1_26_07_11_070.exe
 

A:Solved: Trojan horse BackDoor.agent.PTX

Read other 16 answers
RELEVANCY SCORE 170.4

I am trying to help a friend. She advised AVG came up with a virus detection. She had Norton, uninstalled it, ran AVG and this came up.

trojan horse backdoor agent BA ia

was what it listed. I asked her to send along a hjt log to post ... she is on xp home.

Logfile of HijackThis v1.97.7
Scan saved at 3:47:54 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\mine\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mine\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mine\LOCALS~1\T... Read more

A:[Solved] trojan horse backdoor agent BA.ia

Read other 13 answers
RELEVANCY SCORE 170.4

Noticed freezing windows, then Generic Host Process error, and finally IE navigating by itself. AVG noticed the "Trojan Horse BackDoor.Agent.AHXQ" tried to remove, and now no longer detects it, but the system is still misbehaving.

Generic Host process error sig:
szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : unknown
szModVer : 0.0.0.0 offset: 001a3b57

error report contents:
c:\docume~1\ellenm~1\locals~1\temp\WER90f7.dir00\svchost.exe.mdmp
c:\docume~1\ellenm~1\locals~1\temp\WER90f7.dir00\appcompat.txt

ark and attach are attached
DDS follows.
many thanks.

DDS (Ver_10-03-17.01) - NTFSx86 Run by Ellen M at 9:07:21.56 on Tue 08/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1479 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\... Read more

A:Trojan Horse BackDoor.Agent.AHXQ

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE
*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.
*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
*You must reply within 5 days otherwise this topic will be closed.
============================
Please reply to this thread so I know that you still need our help. We're so sorry for the delay.

Read other 3 answers
RELEVANCY SCORE 168.8

Hi, I've just been charged 3 times on some adult website for stuff I haven't done. So I went on and cancelled my acct and put out a fraud alert. Now I scanned my computer today and found trojan horse backdoor.agent.IQL with AVG antivirus. It's been happening since May 2007. I haven't had the chance to do a scan on spyware but I will soon. I have a few questions on what I should do now. Has my SSN been stolen??? I have recently tried applying for colleges and I put my SSN on the forms to be sent online. Could this info have been stolen?? How could I have my credit card stolen? By keylogging? If so, what do I do now? Please help me, I'm so distressed I want to buy a new computer just to get rid of the virus. Thank you!

A:Trojan Horse Backdoor Agent Iql (identity Theft)

You have to assume every piece of private/financial information has been retrieved from your computer by the backdoor trojan. All of it.

The only sure way of knowing that this type of malware has been completely removed and left no access that can later be used to hack your computer is to wipe the drive and reinstall. You should change all passwords using a different computer and notify credit cards, banks, paypal, etc.

Here are two programs you can scan with and you should also post a Hijack This log.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

--------------------------------------------------------------------------------

Read other 17 answers
RELEVANCY SCORE 168.4

Please help!!

My computer is infected with Trojan Horses. There are 3 of them, Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are always in the Temporary Internet Files directory and the windows\system32 directory.

I have AVG, Spybot, Ad-aware, ewido antispyware, windows defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use them.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.... Read more

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS

Read other 12 answers
RELEVANCY SCORE 168

Version of Windows: Microsoft Windows XP Media Center Edition 2002 Service Pack 3
Errors on Start-up: 1. LSASS.EXE memory allocation error cannot load command system halted.
Errors on Shutdown I have to "End Now": explorer.exe, Connections Tray, Net Broadcast Event Window.2.0.0.378734, & MCI command handling window
-My PC locks up when running the GMER scan & have to shutdown by powering PC off
-I have had AntiVirus Soft multiple times even after removing w/ spybot search & destroy, ad-aware, Zone Alarm(Uninstalled), Norton(Current AV). It seems to reactivate the virus when I visit myspace.com apps. A java box comes on & all the sudden AntiVirusSoft is back in the start up & active. I reboot into safe mode, take it out of start up, reboot normally & do a spybot scan which seems to remove.. But it keeps coming back like a cheesy horror movie character.
-Have found "Trojan Horse svchosts" in start up programs. I turned off & deleted. Scans didn't pick up virus??
-When I reboot my pc my internet is being blocked for around 15-20 mins. The fw is off until the net gets unblocked by ??.
-Games such as Resident Evil 5, Fallout 3, BF2 etc have been locking up & crashing since I got that lsass.exe error on start up. They are unplayable now.
-Got that lsass.exe error a week ago after turning off start-up programs in MSConfig. Turned them all back on but error still stays. The MSConfig starts up automatically after a blue ... Read more

A:Antivirus Soft/Trojanhorse Svchosts/Combofix.exe(Trojan Horse)/a0442396.exe(Trojan Horse)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 3 answers
RELEVANCY SCORE 168

Hi, please help!!

My computer infected with 2 types of trojan horses. Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG.

I updated all my antivirus and antispyware, booted to safe mode and managed to find and remove the trojan horses, but they come back after I boot to normal mode.

My antivirus and antispyware are AVG antivirus, AVG anti-spyware, Spybot, Ad-aware.

here I include my HijackThis logfile.
Logfile of HijackThis v1.99.1
Scan saved at 12:34:37 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C... Read more

A:Infected by Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG

I think my computer is getting worse now. Anybody can help?

Logfile of HijackThis v1.99.1
Scan saved at 2:48:45 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svcho... Read more

Read other 2 answers
RELEVANCY SCORE 166.8

I tried to follow the posting rules by being as specific as possible in the title to help, but unfortunately, it's hard to do that after running all of the scans and resolving some of the major issues I was having with this PC. I'm trying to clean it up for a friend, and I think I've done a decent job on my own by running all of the programs I use on my own PC as well as some you all suggest we run before posting an HJT log. It's taken FOREVER considering this thing has a 300MHz celeron and only 128MB RAM. Needless to say, I'm tired of screwing with it now..

Enough with the blabbering on about useless information, though. So far I've run these programs with reasonable success.

AVG Anti-virus(in safe mode)
Trendmicro online virus scan
BitDefender online virus scan
Ad-aware SE Personal with the VX2 Add-on(in safe mode)
Spybot(twice-once in safe mode)
CWShredder(safe mode)
CleanUP!

Everything was updated before scanning!

Here's the log..

Logfile of HijackThis v1.99.1
Scan saved at 10:29:39 AM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\... Read more

A:BackDoor.Agent.2.H, Trojan horse Downloader.Istbar.PI, etc.(too much to list)

Hi there...


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Open Windows Explorer and delete the following red folder/s

c:\program files\180solutions

Reboot.......................

================================

It is very important to keep Sun Java up to date to help avoid exploitation by malware.
The current version is Java Runtime Environment (JRE) 5.0 Update 9
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Click the link to download the Wind... Read more

Read other 8 answers
RELEVANCY SCORE 166.4

Hi Techsupportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue screen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the Windows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system... Read more

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?

Read other 9 answers
RELEVANCY SCORE 166.4

I have probably been infected by trojan horse dialer for over a month so I cannot remember exactly how I got infected but I think it is because I was using IE but now I have permanently switched to Firefox. I have scanned my computer with Spybot search and destroy, adaware, avg antivirus, and vundo both in normal and safe mode. It seems as though I have gotten rid of trojan horse dialer with the vundo tool but then I became infected with trojan horse Lop.as. Every time I do scan my computer with an antivirus tool the viruses and trojans usually show up in the internet cache or temporary internet files. That is probably why I cannot remove these viruses permanently. I regularly get those popups from AVG saying that they have detected the threat of trojan horse Lop.AS. I am running on Windows XP with SP2. The security tools that I run are the teatimer of Spybot, AVG real-time antivirus, and Zonealarm firewall. Now that I think I have gotten rid of Trojan horse dialer.COH my computer seems to be running at the previous speed before becoming infected. However, I still want to get rid of the Trojan Horse Lop.AS since the popup notice from AVG is so annoying. In conclusion, I have come to BC for a permanent solution.

A:I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses

http://www.bleepingcomputer.com/securityblog/2006/10/

Unfortunately, though, this October when the latest batch of renewals and new awardees were admitted we found a new MVP who leaves a bad taste in our mouths. This awardee is Cyril Paciullo, otherwise known as Patchou, and is well known as the creator of Messenger Plus. As a program, Messenger Plus actually has some slick features, but our problem is that this program also comes with a known adware and Trojan called LOP.

What is funny is when Microsoft Security MVP Derek Knight scanned the main executable for Messenger Plus, at the free scanning site VirusTotal, Microsoft was the only vendor that stated that the installer was a threat.

--------------------------------------------------------------------------------

Uninstall instructions in link below:
http://www.bigblueball.com/forums/msn-mess...senger-6-a.html

Read other 4 answers