Over 1 million tech questions and answers.

Trojan horse droppers, downloaders and backdoor- they all appear in my system

Q: Trojan horse droppers, downloaders and backdoor- they all appear in my system

When I looked into my AVG virus vault today I was concerned to see a series of trojan droppers and downloaders. There were 7 entries, and in order here's how they appeared:
trojan horsedropper.agent.CRO (twice)
trojan horse downloader.agent.INL (3 times)
trojan horse downloader.generic.3NPE (twice)
trojan horse backdoor.generic.2AJH
trojan horse dropper.agent.CRP

then when I ran Panda software these 2 viruses were found:
virus: trj/downloader.MSN
virus: trj/killav.FD (this one is located in the system32 file)

looking for more information on these is like wading through muck...
I have ran the AVG,panda software, adware and hjt and here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 2:29:06 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122w.bay122.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/din...2.1.0.0.53.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130831584937
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37890.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

please may I have some direction.

I should add that aside of once in a while being sluggish (which goes away when rebooted) there seem to be little else happening on computer to warn me of something more going on. I am also curious to know what is the differences between horse dropper, horse download and horse backdoor - all sound nefarious to me, it is just the name or a stage?

RELEVANCY SCORE 200
Preferred Solution: Trojan horse droppers, downloaders and backdoor- they all appear in my system

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Trojan horse droppers, downloaders and backdoor- they all appear in my system

i am still on awaiting some direction please!

Read other 2 answers
RELEVANCY SCORE 99.6

Hey guys my problems started two days ago when I logged into Paypal. I downloaded a new program to make online debit card purchases called Paypal Plugin and I got an Active X message asking, do I trust the publisher, Paypal INC? I clicked yes and ran the installation. As soon as I ran the install my virus software warned me of a Trojan Dropper and a downloader. Immediatley I began recieving pop ups including on which said Paypal Plugin was succesfully installed. My computer crashed due to the amount of uncotrollable popups. Once I got the system back up and running Paypal plugin never installed on the computer and I am left with an almost useless computer. I called Paypal and got the runaround telling me just to turn on my popup blocker and I would be set, LOL.I have followed the instruction to the "T" on posting a Hijack This log and I hope someone can help. It has taken roughly 30mins just to post this message so I have a feeling I have several issues going on. I am going to post the Hijack This log and a Combo fix Log below. I will be looking forward to any assistance.Hijack This LogLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:24:41 PM, on 11/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\... Read more

A:Downloaders, Trojan Droppers, Mrofinu72, Spyware.cyberlog-x, And Many More

bigjeepzz1. Open NotePad (not wordpad). Copy and paste the following into Notepad (Not the word code)File::
C:\WINDOWS\SYSTEM32\faupwkxa.dllbox
C:\WINDOWS\SYSTEM32\mlmmsbgk.dll
C:\WINDOWS\SYSTEM32\kgbsmmlm.ini
C:\WINDOWS\SYSTEM32\hulbmlxj.dll
C:\WINDOWS\SYSTEM32\faupwkxa.dll
C:\WINDOWS\SYSTEM32\pgmklocg.exe
C:\WINDOWS\SYSTEM32\nhamfmih.dll
C:\WINDOWS\SYSTEM32\jkkijig.dll
C:\WINDOWS\SYSTEM32\winpows.exe

Folder::
C:\Program Files\QdrModule
C:\Program Files\QdrDrive

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}&... Read more

Read other 10 answers
RELEVANCY SCORE 81.6

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 80

need help to remove the following

Trojan Horse Downloader.GENERIC4.TBL
Trojan Horse Downloader.Zlob.KYW
Trojan Horse Downloader.Zlob.KYV
Trojan Horse Downloader.Zlob.KYS

and more similar
Am using AVG free edition and AdAware se

They do find them and Quarintine them but more keep appearing
please help !!!!!
 

A:trojan horse downloaders

Read other 14 answers
RELEVANCY SCORE 79.2

Hi...started using this new Anti-Virus tool...AVG. When it ran, says I have 2 infected files, "Trojan Horse Downloaders .Keenval.K" Both from the same game site, both games on my desktop...offline play them all the time...from Game Rival, Skyblocks, Goldmine. AVG directed me to "move to the Virus Vault", quarantine I suppose. When I went to do this, have this error message in AVG that says they both cannot be removed! And no action is taken, still sitting on my hard drive. Norton, nor any other spyware, adware stuff I have going found these, have had the games on my system for about 2 years, if not more now.
My question is: what do I do with these files now? Do I go to Game Rival with this? AVG has no customer support, is a free program, just was trying something new. Now am worried I have these virus-in-waitings.
Wanted to post a "hijack this" log..but for some reason I cannot find the site it is in...even after searching in here...if someone could pass that info along to me..will be appreciated! Thanks for you help with this...really is appreciated...Leeann/parrotplay
 

Read other answers
RELEVANCY SCORE 79.2

I have recently been hit with trojan horses and have read some other posts on this board and have tried some of the advice, but they still keep coming back.

I am getting AVG alerts informing me of following files:
trojan horse downloader.generic2.cxp
trojan horse downloader.generic2.ahr
trojan horse downloader.generic2.cvc
trojan horse dialer.btg
trojan horse dialer.btc

I have tried running CCcleaner, AVG, Ewido, Smitfraudfix, but have not been successful.
I am willing to run through the steps again and any other tips or advice.

I have just installed and run HJT and included the log. I didn't fix anything via HJT yet.
I also have included my Panda log.

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 1:42:03 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PR... Read more

A:Trojan Horse downloaders and dialers

Read other 7 answers
RELEVANCY SCORE 79.2

I recently scanned my computer with superantispyware and it cleaned up a few things. I thought I had scanned with AVG earlier but I don't think I had as it started by itself this morning. I had to leave it - I saw it had found something 'bad' and have been trying to find out what it was now that it was all finished scanning. BUT I can just find records of viruses found in scans from a few months back which I didn't even know had been found.

Anyway, what I have are:
Trojan Horse Downloader.Zlob.MCQ

and

Trojan Horse Clicker.GMC

The clicker one is located in a programme I use a lot. I have had this trojan horse there before and when I 'fixed' it, it deleted the whole programme. Will I have to do this again??

I also posted on the malware thread with my HJT log, before I saw these trojan things. Why did superantispyware not pick these up? Are they really a problem?

Please help. Thanks.
 

A:are trojan horse downloaders and clickers bad? Please help.

sorry - i think I was looking at my virus vault.

The one it found today ('exploit') was also there.

should I empty my vault?
 

Read other 1 answers
RELEVANCY SCORE 79.2

I recently scanned my PC with Norton AntiVirus, and I have multiple threats;
most of which include Downloaders and Trojans. It could not get rid of them as repair and delete failed.
AdAware was also no help.

I am running Windows XP and most of the threats are coming from temporary internet files, but the folder is not there.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:33, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
H:\Program Files\Razer\Habu\razerhid.exe
H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
H:\Program Files\Java\jre1.6.0_02... Read more

A:Downloaders & Trojan Horse (Text[1].dat)

Read other 15 answers
RELEVANCY SCORE 79.2

Currently infected with some sort of Trojan that slows me down and keepd pushing all kinds of ads onto my computer anytime I go online. Any help would be greatly appreciated. Thanks in Advance!Logfile of random's system information tool 1.04 (written by random/random)Run by Administrator at 2008-12-12 15:16:39Microsoft Windows XP Professional Service Pack 2System drive C: has 24 GB (64%) free of 38 GBTotal RAM: 766 MB (12% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:17:18 PM, on 12/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Common Fi... Read more

A:Infected with Trojan Horse Downloaders

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable a... Read more

Read other 2 answers
RELEVANCY SCORE 78.4

Hello,
I have run Superantispyware, AVG antivirus and AVG antispyware on my PC. AVG has detected Trojan Horse Backdoor Generic6 AMA and Trojan Horse IRC Backdoor Sdbot2 REN and XIN. That is it, however I feel something is still in me (strage outgoing traffic). Could you pls check my HJT log and say if everyting is OK or not?

Thanks!
 

A:Trojan Horse Backdoor Generic6 and Trojan Horse IRC Backdoor Sdbot2

Read other 12 answers
RELEVANCY SCORE 76.8

Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 76.8

Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *E... Read more

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please

Read other 19 answers
RELEVANCY SCORE 76

I went away for a couple days, came back and found these. AVG can't remove them, says they're whitelisted. Symptom is, every time I try to google the file names I get redirected, and I keep getting a windows security asking if I want to unblock stuff.Thanks, Tom

A:"Trojan horse generic22.BEWG" and "Trojan horse BackDoor.Generic13.BKVZ

Looks like you have a redirected infection. Have you try running Malwarebytes yet?

Read other 16 answers
RELEVANCY SCORE 75.6

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/PsymeMy wifes freind complained that her computer was too slow and needed some new hardware. She wanted me to have a look> I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basicaly, since 2006, she has been online with no protection at all. I wwent to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers
RELEVANCY SCORE 74.8

Both of these trojans found through AVG. First, Backdoor.Generic11.BBDE a couple of weeks ago, now Crypt.HOS. All moved to Virus Vault except for file c:\windows\system32\drivers\asyncmac.sys; AVG states object is white-listed (critical system file not to be removed). I Goggled to research these and it's made me worried/parnoid about all the banking and bill paying I do online. One site said to change all passwords via another computer. Should I? I've gone through my Add/Remove Programs and do not see anything unusual installed.

I have a Dell Desktop Dimension 2400 40GB hard drive, 1 GB RAM, Windows XP Pro Version 2002 SP3, Intel Pentium 4 2.66 GHz.

I installed, uninstalled, and reinstalled three times Malwarebytes Anti-malware and keep getting "Error 703, 0, 13".

My Hijack This log follows. Any help and advice is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:01 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.... Read more

Read other answers
RELEVANCY SCORE 74.8

I have 2 trojans Trojan horse Generic5.GUH,Trojan horse BackDoor.Agent.IQL would like to remove I have external hard drive.could not run the online scans except stinger, house call made a load bleeping noise?Laptop used for sensetive stuff banking etc. will change passwords on other machine.Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:54:43 PM, on 24/07/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\AGRSMMSG.exeC:\Program Files\Grisoft\AVG7\avgcc.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Picasa2\PicasaMediaDetector.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Windows\ehome\eh... Read more

A:Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Hi mrpugowski,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

Read other 3 answers
RELEVANCY SCORE 74.8

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~... Read more

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok.We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Read other 1 answers
RELEVANCY SCORE 70

Hi all,

First of I'd like to say that it is very noble of you professionals who volunteer your otherwise precious time in helping out clueless people like me with their computer problems. I'll greatly appreciate any help I can get.

Well the situation is as such, recently I started my new job at a new workplace. And I believe the previous employee went to certain undesirable websites and was not aware of the implications to the computer terminal.

I installed an anti-virus programme (AVG), for safety purposes, and almost instantly it detected these trojan horses in the system.
Trojan horse Lop.4.k
Trojan horse BackDoor.Hupigon3.wyw
As my workplace is an off-site location, I do not have tech support. The computer is also unnaturally laggish in starting programmes. I have tried running AVG both in safe and normal mode but to no avail.

Also, I apologise for not being able to attach the Panda scan log but for some reason this terminal does not allow me to scan it via Panda scan.

Without further ado, here is the DSS log:


Deckard's System Scanner v20071014.68
Run by AdminNUS on 2008-06-10 11:39:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as AdminNUS.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:39 AM, on 10/06/2008
Platform: Windows XP SP2 (W... Read more

Read other answers
RELEVANCY SCORE 68

DDS (Ver_09-05-14.01) - NTFSx86 Run by gus at 0:50:16.98 on Thu 06/11/2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exeC:\WINDOWS\system32\Rundll32.exeC:\WINDOWS\system32\Rundll32.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\Program Files\Norton SystemWorks\... Read more

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

Read other 2 answers
RELEVANCY SCORE 68

Hi,

I've run SpyBot and AVG Anti-Virus programs and Trojan Horse BackDoor.Generic11.HCO (corresponding to C:\Windows\system32\ativvax.dll) and several tracking cookies are picked up. Yet, I'm still not able to remove the listed items. Can anyone assist me?

A:Trojan Trojan Horse BackDoor.Generic11.HCO and Tracking Cookies/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

Read other 2 answers
RELEVANCY SCORE 67.2

Hello:
Please help me. My computer is infected and I dont know how to get rid of the viruses. I have the following security softwares...
a) zonealarm
b) avg
c) avira
d) spybot search and destroy.

AVG found a month ago the virus Trojan Small in my laptop, I managed to delete the file in safe mode but I was sure there was still something dodgy in my computer. Today I got infected with another virus (trojan horse backdoor sdbot2 cfl). I found the file in: windows/system32/etc/hosts but the second time I ran the scan it wasn't there anymore. I am sure I am infected but my antivirus detects nothing now. Please please, help me.
Yours Truly,
Mike

A:Trojan Horse Backdoor Sdbot2.cfl and Trojan Small.FR

Sorry forgot to add my hijackthis info...

Logfile of HijackThis v1.99.1
Scan saved at 21:04:07, on 21/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\h... Read more

Read other 7 answers
RELEVANCY SCORE 67.2

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:45:48 PM, on 8/2/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Bonjour\mDNSResponder.exec:\dbssys\DBSNTS.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\WinLivePatch.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\SavRoam.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\system32\svchost.exeC:\program f... Read more

A:Hijackthis Log: Please Help Diagnose - Backdoor.trojan / Trojan Horse Etc.

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

Read other 30 answers
RELEVANCY SCORE 67.2

Spy Sweeper found: Trojan Horse found: trojan-backdoor-securemulti.
I have no idea how to clean this. I got it through a link over msn messenger. When I try to quaranteen it from spysweeper it doesn't do anything, and when I try to use anything to do with highjackthis it automatically shuts down the file or program.
HELP?!!! PLEASE
 

A:Trojan Horse found: trojan-backdoor-securemulti

Welcome to TSG

What location was it found in?

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

Read other 3 answers
RELEVANCY SCORE 67.2

Help me I just clicked on a link provided by a fellow forum member and instantly I became Infected badly with multiple viruses and spyware. some of them are Backdoor trojans a trojan horse and a couple others. i cannot get ipu to close off of my close programs menu. Hurry please help me. This happened while testing the mcafee problem that I may of had causing excessive freezing of windows and ie. what should i do. is there any virus killers that can be downloaded to get rid of this nuisance . the popups are at an extreme level.
 

A:helppppp I got a virus trojan horse backdoor trojan. and others!!!!!!!!

go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

Read other 1 answers
RELEVANCY SCORE 66.8

Hello,
Since I've installed McAfee 7.02, windows of the program appear stating that I have Backdoor BDD's. These are:

C:\WINDOWS\iedd32.dll\IEDD32.DLL
C:\WINDOWS\Thumbs.db:zbuur\ZBUUR
C:\WINDOWS\JAVAFT.EXE\JAVAFT.EXE
C:\WINDOWS\SYSTEM32\SDKDS.EXE\SDKDS.EXE
C:\WINDOWS\SYSGX32.DLL\SYSGX32.DLL
C:\WINDOWS\regedit.exe:xohwo\XOHWO

I tried to manage it myself, including installing A2. But the problem is that the folder is not open for repair. I saw that you guided several persons through the difficult process of detection and repair. I don't want to be a pain in the ass, but I'm asking you to do the same for me. If it is not too much trouble, I'd really appreciate it

Thanks in advance,
Zeezicht

A:Backdoor BDD, Trojan horse

Run these online virus scanners:http://www.pandasoftware.com/activescan/http://housecall.trendmicro.com/If that doesn't help, then:Download the latest version of HijackThis (HJT), from here.Put HijackThis in a Permanent folder:Click My Computer / C: / File / New / Folder / name the folder; HijackThisPut HijackThis.exe, in this folder.This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.Read the pinned post in the HJT forum, hereFollow the directions, EXACTLY! This is important!Then, run a log, and post it in the HJT forum here. Do not, fix anything, yet.A member, of the HJT Team, will help you out.Please, be patient, these people are volunteers. They will help you out, as soon as possible.

Read other 2 answers
RELEVANCY SCORE 66.8

I need help in removing Trojan horse BackDoor.VB.HAO. AVG does not seem to want to delete this Trojan. It has been a couple days now that have past since I let this trojan stick around because I waited till finally the guys at TechSupportForum told me that their hijack programs do not support Vista64. I am sure their are more things on my computer now than just this Trojan. If someone can please help me locate them I would really appreciate it.

-Baskiskg

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:26 AM, on 5/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Games\Steam\Steam.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7805u&c=BB
R1... Read more

Read other answers
RELEVANCY SCORE 66.8

Hi. Yesterday my daughter was browsing the web for some audio files and we wound up with the "Google Redirect" virus. My version of AVG Free 2011 did not secure it and neither did MS Security Essentials. I removed both AVG and MSSE and ran "ComboFix". That has solved the "Google Redirect" issue. Right after that I downloaded AVG 2012 Free and it is currently the only virus protection I have running (that I can see anyway, I occasionally get something about a Norton thing that is running but I can seem to remove it. It's not listed in my program files).

At this point in time I am now getting a message from AVG that is detecting two virus's. The log file from AVG is below. AVG does not seem to be able to permanently remove these files and that's the problem.

Thank You,
Allen

Resident Shield detection
Infection Object
Trojan horse Cryptic.CEM c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3180\A0236789.exe
Trojan horse Cryptic.CEM c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3180\A0236789.exe
Trojan horse Cryptic.CEM c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3180\A0236789.exe
Trojan horse Cryptic.CEM c:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3180\A0236789.exe
Trojan horse Cryptic.CEM c:\System Volume Inform... Read more

A:Trojan Horse Backdoor

I'll apologize first....

I did not read the instructions first. I'll do those and let you know what happens. I ran ComboFix yesterday out of desparation...

Thank You,
Allen

Read other 3 answers
RELEVANCY SCORE 66.8

i have a trojan horse BackDoor.Ircbot.BZR and Trojan Horse SHeur.WIX

please can u help me

A:How Do I Get Rid Of Backdoor And Trojan Horse

Hello and welcome.What antivirus program are you running and have you ran a scan from Safe Mode..NOTE" backdoors are the most dangerous type . They can, will and do Steal your personal information and SEND it to malicious users. You should consider your PC compromised and change passwords ,credit cards and scrutinize all financial data that is stored on it.Run this Online Scan Panda ActiveScanClick on "Scan your PC". A new browser window will open with Panda ActiveScan. If this is the first time you scanned your PC, you?ll have to download the ActiveX controls Then download and scan with SUPERAntiSpyware Free Double-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Under "Configuration and Preferences", click the Preferences button.Click the Scanning Control tab.Under Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before qu... Read more

Read other 8 answers
RELEVANCY SCORE 66.8

always pop up right after my pc boots. im using symantec b4, now AVG but its still here. any info bout this Trojanhorse backdoor?

A:What is this Trojan Horse Backdoor

Hi there

Please create a folder at C:\HJT or another permanent location of your choice and download HijackThis to the folder you created. This program will help us determine if there is any malware on your computer. After you have downloded HJT and before you do a scan please read Microbell's Five Step Process and follow the instructions.
_________________________________________________

Read other 1 answers
RELEVANCY SCORE 66.8

After running my AVG virus program it came up with a threat that it could not heal. Am wondering if anyone on here has an address for a removal tool or could explain to me how to remove the threat. Here it the message I got.

THREAT DETECTED
File C:\WINDOWS\system32\hwclock.exe
Trojan Horse BackDoor.Small 27.AQ.

I am not the smartest on a computer so please make as simple as possible

A:Trojan Horse BackDoor

Hi

Have a read of this: http://www.techsupportforum.com/secu...kthis-log.html

And then make a post here: http://www.techsupportforum.com/secu...kthis-log-help

One of the Security Analysts will assist you ASAP.

Read other 1 answers
RELEVANCY SCORE 66.8

I ran the DDS program and it says:

Can someone please help me out so I can move on to the next step so that I can destroy these malwares or viruses I have on my computer.

A:Trojan horse BackDoor.VB.HAO *HELP* #3

Creating multiple topics for the same issue is against forum rules. repeatedly bumping your other topic makes it seem to the VOLUNTEER helpers that it's being taken care of.

We don't support 64bit OS here, sorry. Most of our tools do not support it. Run your 64bit AntiVirus in safe mode, reenable UAC.

Read other 1 answers
RELEVANCY SCORE 66.8

I have done a search on the 'Net about this and cannot find it, other than on the AVG site. Do any of you know anything about it?

Scenario: Friend called about her computer not being able to stay connected. She had gotten her e-mail, but rec'd a threat warning. I walked her through the usual, but she couldn't stay connected.

After doing a few searches through her pc, I discovered that her User Profile in OE properties had been changed (that day) to 44XP301\Default. Also, there was an OE file that was 108,832KB that had been modified that day (shoot! forgot to write down where I found that!), and ICWCONN1.EXE was running in the Task Manager at 4,612K.

She also kept getting this message: Cannot load the Remote Access Connection Manager service.

This computer is Win '95. I know she needs to upgrade with a newer computer, but until she has the money to get one (which should be soon), this will have to serve.

So, my question is, how do I go about removing this trojan, especially if we cannot access the 'Net? The computer is telling us that it is connected, but we cannot go anywhere - get timed out messages, or just "page cannot be found", which we know NOT to be true. Do I change the user profile first? Tried that, but it wouldn't let me! Should I give up, and tell her that she'll just have to wait until she gets a new computer? ;-) Any suggestions?
 

A:Trojan horse - BackDoor.VB.CZ???

Anybody??? Sorry, can't get her connected to download HJT, so can't run a log.
 

Read other 1 answers
RELEVANCY SCORE 66.8

I have Windows XP Home. Avg scanned my computer and found this. Trojan Horse Backdoor Iroffer.F. It did not quarantine, remove or move to virus vault. How can I get rid of this? Thanks.
 

A:Trojan Horse Backdoor

What location was it found in?
 

Read other 3 answers
RELEVANCY SCORE 66.8

I ran the DDS program and it says:

A:Trojan horse BackDoor.VB.HAO *HELP* #2

bump please

Read other 8 answers
RELEVANCY SCORE 66.8

I've gotten I believe a malware issue. This infection popped up in my AVG anti virus "Trojan horse BackDoor.VB.HAO" and is now in the vault but I cannot seem to remove it completely.

I ran the DDS program that you guys say you need to run in order to solve these kinds of problems It seems that it does not support my operating system and it is not working.

A:Trojan horse BackDoor.VB.HAO *HELP*

bump please

Read other 2 answers
RELEVANCY SCORE 66.8

Hi and thanks for any help you can give me...First of all, I scan regularly my computer and beside the occasional tracking cookies it never find anything... 2 weeks ago my computer kept restarting by itself and after some research I figure out it might have been over heating, I used a dust remover can to clean fans and cpu and now it seem to be fine, not restarting (might still be related to my problem)A couple days a go a Threat alert pop up from AVG... so last night I updated all my stuff and used Ccleaner before going into safe mode. scan with AVG 9.0, SuperAntiSpyware and malawarebytes... all seemed normal!! This morning a trojan virus pop up again when nothing was open at all... so I'm a little confused and scared, that is why I need your help!! thank you again for taking time to help mepop up came up again and again and again and it happen when I leave the computer and comeback... from idle mode (once it's in screen saver mode or such thing)C:\System Volume Information\_restore{055B3954-32B8-4FA4-81E8-48BE2DC7DDFC}\RP436\A0120024.exe is the file this timenow it's A0120026.exe 27... 28...'trojan horse BackDoor.Generic_c.DLH'detected on open.2 years ago my motherboard fried and I reinstall everything on a new HD and kept the old HD as a backup drive, it's now F: I'm scanning that drive too so it might not be relevant but who knows, as much as I tell you is better I think. So might it be something on hidde... Read more

A:trojan horse BackDoor - HTJ log and more

Hello and welcome to Bleeping Computer. *Please Subscribe to this Thread to get immediate notification of replies. See HERE*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.Please read the preparation guide here => http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Then post the required logs when you reply and we will begin from there. Thanks.

Read other 26 answers
RELEVANCY SCORE 66.8

Hello, i have a the virus Trojan horse Backdoor.Agent.BA and the a message comes up to run AVG for Windows, well i do and it doesn't seem to work. It says its in the file C:\WINDOWS\system32\wingkfn.dll, but i went to system 32 and there is no wingkfn file, so could this be a dummy virus or what, AVG hasn't deleted it, i have Ad-Aware and Norton Antivirus, any information on this would be greatly appreciated, thanks for your time.
 

Read other answers
RELEVANCY SCORE 66.8

Hello,

I wonder if anyone could please help with this problem,

I had a trojan horse irc/backdoor.sdbot.myx on my computer I removed this virus using avg and deleted 8,000 malicious folders it left in my shared documents, the problem is when I scan my computer with avg it is showing a lot of zipped folders left in c:\documents and settings\owner\complete.
I have spent hours trying to find this folder so Ican delete the garbage left behind but alas I cannot find it.
I would be most grateful if anyone could help and offer some advice on the trojan.

Many thanks

A:Trojan Horse Backdoor

Try running AdAware SE Personal Edition in full mode. It will show the location of the affected folders.

Read other 2 answers
RELEVANCY SCORE 66

Hello -hope someone can help!
In the last few days my AVG virus scanner has been popping up a virus alert with the name Trojan horse BackDoor.Generic3.CFP, apparently in file D:\WINDOWS\system32\skyx16.dll - although that file doesn't seem to appear in that folder, even when hidden files are showing.

I have tried online scanners, which show nothing, and AVG seems unable to heal or delete - in fact, sometimes it just pops the same message up every 30 seconds.

I have pasted my HJT log below:

Logfile of HijackThis v1.99.1
Scan saved at 14:12:14, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Fil... Read more

A:Trojan horse BackDoor.Generic3.CFP

Hello mrvixen, and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst,
and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time

Read other 15 answers
RELEVANCY SCORE 66

Hello,
 
2 days ago, I decided to run a regular virus scan and unexpectedly, my computer was infected with “Trojan horse Generic32.MKY”. It was removed after the scan by AVG.
 
Then later, AVG popped out and said it detected another one of the same infection, which was removed afterwards as well. The virus didn’t affect my computer performance therefore I didn’t know my computer was infected.
 
I was worried that that there were more Trojans because the second Trojan wasn’t detected from the scan. So I scanned my computer with AVG, Malwarebytes, ESET Online Scanner and Superantispyware.
 
All came out clean so I thought the problem was over…
 
 
 
Today, while I was surfing the internet, my webpage suddenly redirected when I didn’t click anything. The page started to load Java so I ended it with task manager because apparently clicking close didn’t work. AVG popped out a “Multiple threat detection” and found 2 “Trojan horse BackDoor.Generic15.BYNL”, which I clicked move to vault. An AVG Identity Protection window also popped out and it said “IDP.Generic.3035C45D” at threat name. So I removed it and restarted my computer as suggested.
 
I received a “Threat Removal Completed” window when it finished restarting. The summary page said 1 process was terminated and 4 files were deleted.
 
 
However I don’t think I should assume tha... Read more

A:Trojan horse BackDoor Infection

Hello, I feel it important you know this... One or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.   If you decide to clean it then,we should get a deeper look. Please follow this Preparation Guide and post in a new topic.Let me know if all went well.Include this link back to here... http://www.bleepingcomputer.com/forums/t/4... Read more

Read other 7 answers
RELEVANCY SCORE 66

Hi
The above is the Trojan Horse found during AVG scan.

Path
C:\WINDOWS\System 32\setup_53360.exe

My Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:24 PM, on 2/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: CKeyScramblerBHO Object - {2B9F5787-88A5-4... Read more

A:Trojan Horse IRC/Backdoor.SdBot.202.AU

Hi and welcome to the Security Forum.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Download SDFix and save it to your desktop.
Do not do anything with this yet!



Reboot
Reboot your system in Safe Mode.Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.



SDBot FixRight click the SDFix.zip folder and choose Extract All,
Open the extracted folder and d... Read more

Read other 3 answers
RELEVANCY SCORE 66

How can i remove this trojan Horse?. I am unable to remove it through avast and malwarebytes. Is there any idea to remove without harming the file system. Please help

A:Trojan Horse and backdoor.poison

Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Using AdwCleaner v3: Scan & Clean:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will ... Read more

Read other 9 answers
RELEVANCY SCORE 66

I have AVG loaded on my computer and it has found the above Trojan but it wont let me heal it or move it to the vault.It just keeps popping up !any help would be very appreciated.
computer is a little bit slow

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:27, on 27/09/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WT32EXE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C... Read more

A:Please help How do I get rid of Trojan horse/RC/Backdoor sdrot3 CPQ

Read other 14 answers
RELEVANCY SCORE 66

1) Was doing research... led me to this weird site. Couldn't get out of site. Knew something was up immediately...
2) Went to System Restore. That failed.
3) Running AVG. Usually catches everything, but not this thing. Something called Trojan horse BackDoor.Generic13.VSN keeps showing up but it won't take care of it...
4) Now computer will not start any new programs. Says "application cannot be executed"...everything from calculator to photoshop. Not even task manager...
5) Fake antivirus programs keep wanting to start. Firefox keeps changing the links and sites I click on, and window explorer is popping up to porno sites by itself...(never use IE. ever)
6) Tried to get Malware Bytes... Cannot run that new download...
7) UPDATE: restarted in safe mode, but still having problems...

HELP ME!!!

Read other answers
RELEVANCY SCORE 66

Shoot! I just got this thing popping up first in an AVG shell scan of a downloaded folder and then after deleting it, it is showing up in my system scan in system restore. I just went through getting cleaned of another virus a couple weeks ago and had to do a system restore flush, etc. Before I proceed to chase this little bugger down, I wanted to ask in here if I should go through the whole Hijack This scan and post or what advice I might get here.

thanks in advance
Rachel
 

A:Trojan Horse Backdoor.Generic.ICJ

if it is just showing in restore point then do the flush again
 

Read other 2 answers
RELEVANCY SCORE 66

I encountered this Trojan on my system. I'm running windows Vista. I ran AVG, Malewarebytes and Spybot in both regular and safe mode... TWICE. It appeared that everything was cleaned up. But everytime I start my PC in regular mode, the AVG Resident Shield finds Generic 11.ZNE in System32\hjgruimempuvue.dll. I have tried to locate the System32 file in safe mode to manually delete but can't find it. I don't know what else to do other than wipe my hard drive... Please help!

A:Trojan horse BackDoor.Generic 11.ZNE

Please run Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Dr.Web CureIt as follows:Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)Now put a check next to Complete scan to scan all local disks and removable media.In the top menu, click Settings > Cha... Read more

Read other 2 answers