
Infected with Generic13.BDTK, Win32/Puce.E, Win32/CryptExe, Downloader.Generic_r.da

Q: Infected with Generic13.BDTK, Win32/Puce.E, Win32/CryptExe, Downloader.Generic_r.da

Avg picked them up. Computer is still crashing and programs will not close. Also woke up this morning to my computer with a message saying the driver has crashed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:29 PM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Microsoft ActiveSync\wcescomm.exe
I:\PROGRA~1\MICROS~3\rapimgr.exe
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Pidgin] I:\Program Files\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "I:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - I:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - I:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196475907859
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - I:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - I:\WINDOWS\System32\TuneUpDefragService.exe


A: Infected with Generic13.BDTK, Win32/Puce.E, Win32/CryptExe, Downloader.Generic_r.da

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Computer crashed after it got infected with viruses. I eventually got it running and I think cleaned them out with Superantispyware and AVG, but browsers and computer still running slow. I'm primarily using Firefox as browser and Windows XP sp3. Attaching HJT log. Thanks for any help!

Below is a copy of log from AVG resident shield infections:

Virus found Win32/Cryptor;"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0029324.dll";"Moved to Virus Vault";"7/16/2009, 11:56:04 PM";"file";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

Trojan horse Generic13.ATPH;"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0029325.dll";"Moved to Virus Vault";"7/16/2009, 11:56:04 PM";"file";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

Trojan horse Downloader.Zlob.ANSF;"C:\WINDOWS\SYSTEM32\UACqgojufuawyoiatact.dll";"Moved to Virus Vault";"7/16/2009, 11:26:50 PM";"file";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

Trojan horse Generic13.BQVV;"C:\WINDOWS\SYSTEM32\UACjunotjyfxgygeoety.dll";"Moved to Virus Vault";"7/16/2009, 11:26:49 PM";"file";"C:\Program Files\SUPERAnti...

A:Win32/Cryptor, Trojan Horses Generic13.ATPH, Downloader.Zlob.ANSF, Generic13.BQW

Hello chefbrad and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the res...


My Avast antivirus recently started detecting a whole host of viruses. I ran a thorough scan of all files and deleted every infected file until the scanner turned up a hit in the operating memory. It then suggested I run a boot sector scan - I did so. Upon rebooting Avast started detecting more viruses. This time I rebooted into Safe Mode and ran the scanner there, deleting everything I found. Apparently one of the files I deleted was important, because after that my computer Blue-Screened during boot-up and I had to do a system restore to a save point from a few days ago (before the virus was contracted). Since then the virus has continued to crop up, and I haven't the foggiest notion of how to get rid of it.

The title is a list of the virus descriptions that my Avast scanner gave me. I ran all the programs the walkthrough on this site instructed me to, but the RootRepeal program crashed and generated an error message and crash report, both attached (error message in .png image format - I took a screenshot of it).

Thanks for your help!

__________________________________________________________________________________
DDS (Ver_09-12-01.01) - NTFSx86
Run by Bryan at 18:56:06.09 on Wed 12/02/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1546 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32...

A:Infected with js: downloader-FT Win32:Banload-GLR Win32:Malware-gen Win32:Refpron-AW Win32:Rootkit-gen Win32:VB-NWC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi,

Please help me in getting rid of the pop ups which keep coming up.

trojan downloader win32 agent bq
trojan clicker win32 tiny h
trojan spy win32 key logger.aa
trojan spy win32 green screen
trojan spy html bankfraud.dq

HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:40, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Pac...

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.


Hello,

Please help if you can. I ran free Avast! version 5.0.677 on my Windows XP desktop computer (Pentium 4, 1.5 Ghz CPU, 1 gb ram), and came up with the following virus warnings. Unfortunately the Avast! software internal tools to remove it are grayed out and not functioning. I tried a couple of things to remove viruses from help online and then realized I was in way over my head. I found this forum and am now requesting help.

Avast! says I am affected with: JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and Win32:Virut

Attached a screen shot of Avast! with viruses and partial path to them.

Computer's Symptoms (not sure if these are all due to old slow processor or malware):
Computer is freezing often;
When it is in sleep mode it is turning itself on;
Seems to be downloading stuff often and slowing down;
Monitor is going black forcing reboots often;
Couple weeks back I began getting floating ads that pop up when browsing online;
I get an error message daily that says AdAware has shut down unexpectedly, do I want to send a report? I have been ignoring this, not knowing if it was important, been several weeks.

Ok, I think that is all I can think of to share. Please help if you can. I appreciate it.

Thanks,
Dancer

~~~~~~~~~~
DDS (Ver_10-03-17.01) - NTFSx86
Run by ljk at 15:52:28.93 on Mon 09/20/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.102...

A:Please Help ~ Infected with JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and...

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
I ask that you please refrain from running tools other than those I su...


well, as titled.. thanks in advance folks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:22 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program...

A:Infected With Win32/cryptexe

What program is indicating that Win32/cryptexe is on your system and where is it located at?

Nothing of significant concern showing in your log but there are a few optional fixes you can make.

Run HijackThis, and press "Scan." When the scan is complete place a check mark next to the following entries: (Please be careful and do not check any other boxes)

You can OPTIONALLY check these entries. They automatically run at startup more for convenience than anything else and are available elsewhere, i.e. Start -> Programs. If you use HJT to fix them, you will save resources and increase system performance. Your choice.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

After checking these items CLOSE ALL open windows except HijackThis and click "Fix Checked" to remove the entries you checked. A box will...


Hello. I've never posted in a forum like this so I hope I write down everything I need. I have pretty basic computer knowledge so I hope I don't sound like too much of a dope. I use Windows XP. And use Microsoft Explorer. AVG Free ran a scan and found Win32/cryptExe, but it wouldn't remove it. I also ran Ewido Anti-Spyware, Ad-Aware SE and Hijackthis. I'm not sure if I'm supposed to post my hijackthis log but I will. I've never used Hijackthis before either so I hope I've done that bit right. Is there anything else I'm supposed to mention? Thnx in advance.

Logfile of HijackThis v1.99.1
Scan saved at 8:28:03 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Accelerate\accelerate2002.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido an...

A:Infected With Win32/cryptexe

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.
Your hijackthis log looks pretty good. Can you give me some more detail about what AVG is finding? What is the location of the virus?


Hi, I'll try to be clear and concise, but I'm not an expert with computers and I may over-explain things, or not mention other obvious things.

A few days ago I plugged my pendrive into computer at work and was told by AVG (which they have running there) that the pen contained a 'general trojan' which AVG gave me the option to eliminate, and I did.

This obviously made me wonder if I had a problem with my own computer. I did a bit of googling about pendrives and trojans and discovered one tell-tale sign is being unable to remove the pen safely through windows as a program is still writing to it. Anyway I messed around plugging unplugging my pen and found that yes I did have problems safely disconnecting. Also when I tried to open it (double click) through My Computer, rather than opening the removable disk drive I got a 'choose what program you want to use to open this file' box. Right click and 'open' would open the pen no-problem. Took pen back to work and got same message from AVG, eliminated the trojan again!

Now, I have Norton internet security (CONFESSION subscription expired approx 4 months ago, haven't renewed). I ran a full scan - came back with nothing. I also have Spybot and ad-aware installed and I updated them and ran full scans.

Ad-aware detected Win32.worm.autorun in C/System Volume Information with a very long filename which began _restore and finished A0049223.exe - Adaware removed this for me

Sybot de...

A:Cryptexe, Win32.wor.autorun, Win32/bifrose.au

Hello although I prefer to do this last, I think the infection is living in system restore. So let's clean them and then scan again with AVG and then MalWareBytes. Also you are correct about the vault.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.
Then go to Start > Run and type: Cleanmgr
Click "OK".
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

NEXT Scan:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alt...


Avast continually blocks the following threats:
- Win32:Malware-gen
- WIn32:Downloader-PKU [Trj]
- Win32:DNSChanger-VJ [Trj]

Avast scans and detects Win32:Sirefef-PL [Rtk], cannot remove it though.

Malwarebytes scan detects BCminer, quarantines it, though never seems to get rid of BCminer.

Other issues of possible note:
- Windows Firewall not running 0x80070424
- Backup & Restore - last backup did not complete successfully - server execution failed - 0x80080005

Ran both DDS and GMER (GMER did not have all the options available as per the preparation guide, and did not log anything when the scan was complete).

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Family-pc at 12:37:05 on 2012-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16383.13888 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\sy...

A:Win32:Sirefef-PL, Win32:Malware-gen, WIn32:Downloader-PKU [Trj], Win32:DNSChanger-VJ [Trj], BCMiner need help

Hello Njals, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

Do you have a USB Flash Drive you can use?


Hi there, Can you help to remove this virus. My brother got it when he downloaded a music file from emule

He's on Windows XP and this is his HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:23, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Archivos de programa\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Archivos de programa\ATI Technologies\ATI....


Hello,

My computer became infected last night, and it's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on dvd, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.

The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.

The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.

I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since windows now thinks I have no anti-virus installed.

All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.

EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we...

A:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.

I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and specially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?

Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.

Other than running windows defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.

Does no one have any ideas???


Hi, this is my very first time posting in a forum like this, so I need a lot of help. Last night I stupidly clicked on and installed a virus through msn messenger. I have AVG free antivirus installed on my computer and had detected the virus. It constantly sends messages to everyone on my contact list to click and view a zip folder of pictures. I tried to move the virus to the vault, and even tried to delete and remove the p19.exe file from a few of the folders already, but it continues to stay and send messages. I am currently on Windows XP with the SP2 update. I'm not sure on how to proceed, if someone could help me out that would be great. I know how to use a computer, but just not that literate with how to remove these nasty virus/malware kind of stuff. After searching I found that I should download HijackThis program and save it in the c:\ as a separate folder, but have not installed/run it yet.

A: Win32/cryptexe Problem

Hello Panda23. Your infection is related to a backdoor Trojan. Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read the Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect your computer from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Although the backdoor Trojan has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to re...


Hi,

I ran AVG Antivirus and it reported 18 viruses, out of which 17 were healed. 'Win32/CryptExe' is what it's called and C:\WINDOWS\system32\setup_78318.exe is the pathway. I'd post my HijackThis log, but it's against the rules. I'm not very good with computers and I don't know the first thing about how to remove it (I thought the antivirus would do that!) so I haven't tried anything yet and any help would be appreciated. Thanks...

A: Need Help Removing Virus 'win32/cryptexe' From Wxp Pro

Hi claire 2k6, welcome to BC. Go thru these steps. If at any point you come to a standstill just post here and we will come to the rescue.


The last two days my computer has frozen up while trying to surf around online. This seemed weird so I ran a full system scan with Symantec Endpoint both days. Both times the logs came back with no risks detected. Today I started getting Internet Explorer pops directing me to sites. I knew at this point I had an infection that Endpoint was not picking up. I disabled my network card and used another computer to download some of the suggested programs I've seen on this site. I was hoping to at least get the problem quarantined so that I would feel safe enough to enable the network card again. After running the utilities, I am not freezing when surfing web pages and have resumed using the computer. I would like help making sure that my computer is clean since Endpoint obviously isn't catching this problem. Below are the logs for Kaspersky Online Scan & DSS.

Deckard's System Scanner v20071014.68
Run by bgedeon on 2008-07-29 14:40:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as bgedeon.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40, on 2008-07-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\s...

A: Infected With Trojan.win32.monder.bcb & Trojan-downloader.win32.agent.xxa

I continued to investigate on my own. Combofix quarantined some files, but did not delete them. A scheduled full system scan with Endpoint finally picked up some infections with the newest updates loaded. Symantec scan labels the infections as Trojan.Vundo and Trojan.Metajuan. Metajuan was removed automatically, but Vundo proved to be a little more pesky. Symantec offers a removal tool for Vundo on their website. I opted to try out Malwarebytes' Anti-Malware (mbam). It was able to locate the files that were in quarantine and some infected files that were in system restore. I disabled system restore to avoid any problems and mbam was able to delete all the files. After a system restart, I scanned with Symantec Vundo tool and found no further signs of infection. Mbam did a good job. Re-enabled system restore and recreated a fresh restore point. I'm hoping that this will be the end of this problem, but would still be interested in someone combing through some of my logs to see if anything was missed. I'm still a little miffed that Endpoint had not picked these infections up when they are not exactly new threats and I had the most current definitions when I ran my previous scans.


Hi, this is my first post. A week ago my idiot son, who was visiting, connected his hard drive to my computer while connected to the internet and with autoplay on. Subsequently I was infected with a number of viruses. I have never had problems before. My Norton Antivirus programme was useless and I uninstalled it as it was unable to solve the probs and kept freezing. Taking advice from forums like this I installed Malaware and AVG free as virus checks, Spybot, and Adaware to complement Spyware Terminator I already had. I also have Hijack This. I also installed Zone Alarm as a firewall and now use Mozilla Firefox as a web browser instead of MIE. After hours of scans in normal and safe modes, replacing my hosts file which had porn and betting site references on it and deleting lots of refs. from my registry, I still have a problem. I originally had a 'Pandex' virus, 'Fakeavalert' virus, 'Trojan horse small' and 'tidseerv' virus. My son's hard drive had a 'resycled' folder with a boot.com file on it which transferred to my hard drive. They all, fingers crossed, have gone. I turned off windows restore, but I am left with a continual resident shield alert from AVG virus scan saying I am infected with the Trojan horse downloader.generic_r.Bj virus on various temp files in windows. It is unable to delete these. I have managed it in safe mode but they return. If I try manually to delete those files I am unable to as they are locked by a running process. I ...

A: Infected with Trojan horse downloader.generic_r.Bj

Please do this next.

Open MBAM and click Update tab, select Check for Updates, when done click Scanner tab, select Full scan and scan. After scan click Remove Selected, Post new log and Reboot.

Follow that with SDFix.

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights".
Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
Please copy and paste the contents of Report.txt in your next reply.
Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


I started getting fake Windows Security Essentials pop ups every time I attempted to open Chrome, saying that WSE had detected a potential threat. I ran task manager and found that hotfix.exe was running, which I ended and was able to use my browsers again. I ran Malwarebytes, cleaned the problems and restarted. The popups have now stopped, but Internet Explorer opens randomly with ads and MSE is going nuts with reports of Win32/Renos.LX, Win32/Renos.JS and Win32/FakeYak. Malwarebytes has been reporting Trojan.FakeAlert, Trojan.Downloader and Trojan.Dropper. No matter how many times I remove said threats, they are always there after a restart.

DDS (Ver_10-10-31.01) - NTFS_AMD64
Run by Bryony at 21:17:56.29 on 31/10/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3958.2188 [GMT 0:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\...

A: Trojan Downloader: Win32/Renos.LX, Win32/Renos.JS, Rogue: Win32/FakeYak

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks


Hi, It seems that I have trojan activity on my home PC. I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'. I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attempt to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?

What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the PC. I also get no warnings when running in safe mode. I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS version 080805-0,08/05/08 which I try and delete from the warning box. I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).

I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmful software with mention of one of many trojans. These have been:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan...

A: Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi, I am hoping you can help me. My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

Strange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans. The pop up warnings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro. Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back. A Spybot scan pointed to 2 entries of Virtumonde. I'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I can't seem to shift it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:34 AM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Ado...


Firefox and Mostly IE is experiencing redirects when I search through any search engine. Avast is continuously stopping malware in the Windows\Temp folder.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ricardo at 15:09:36.31 on Sun 12/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2184 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}


A: Infected with Win32:Malware-gen, Win32:Rootkit-gen, and Win32:Spyware-gen

Please close this post. I'm reformatting and reinstalling an Acronis Image prior to the infection. Thanks anyway.


Hello all, Because of my careless actions while using my computer and IM I got infected and now I can't get rid of it. I'm getting now ad pop-ups only, and I think I got rid of some infections that came but still there are a few left. I got this infection about a week ago. Computer hasn't been used much after that 'cos I had to go away for a week and didn't have time to try to fix it then. Now I tried to fight with this for a couple of days, but no glorious victory for me here. Kaspersky's online scan report is last in my post. If you have time and knowledge to help me, I would appreciate it. Thanks in advance.

main.txt:
Deckard's System Scanner v20071014.68
Run by Jaybird on 2008-06-07 14:21:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Jaybird.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:28, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\W...

A: Infected With Win32.virtumonde/win32.monde/win32.ircbot

Hello Jay-EM and welcome to BleepingComputer,

1.
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.
* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed,...


Discovered via my weekly Spybot run this morning.  Spybot was unable to remove.  I've done a little research this morning and see it can be fairly complicated to remove.  Can you help me?
 
Here is my DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by GregAdmin at 13:43:19 on 2013-06-02
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3326.919 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

A: Infected with Win32.Downloader.gen

Hello gb75094, I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",...


Cleaning up my sister's computer (Vista), I ran Spybot Search & Destroy and along with the usual cookies, it said it found Win32.Agent.ieu, Zlob.Downloader.rid, and Win32.FraudLoad. After 'fixing' these, I checked and saw that Windows Firewall was disabled. When I tried to restore the defaults, it wouldn't work. Of course this may be unrelated. I restarted and ran another Spybot scan, and found Win32.Agent.ieu and Zlob.Downloader.rid again, and removed them again. This time when I tried to re-enable the Windows Firewall defaults, it worked. About the same time I was doing this, my sister discovered someone had hijacked their PayPal account and made a large purchase... this may also be unrelated, but I suppose it's possible the malware snagged their login info. At this point I decided it was time to call in the cavalry to make sure this malware was completely gone. I couldn't get GMER to run. After starting the scan, I got a blue screen / restart twice in a row. Your help in clearing this off is appreciated!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris & Kait at 12:57:21.69 on Fri 04/30/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1022.176 [GMT -5:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ====...

A: Triple infection: Win32.Agent.ieu, Zlob.Downloader.rid, and Win32.FraudLoad

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I believe that I have been infected by the following viruses: Rootkit.Agent/Gen-DNSHack; WIN32.Downloader.Small.afwj; Win32.Trojan.Dropper.VB.TR. They were all removed by either Zone Alarm Anti-Spyware or SuperAntiSpyware. However, I continue to have the symptoms: sporadic hijack of my keyboard so keystrokes are executed in what appears to be a random fashion. I say it's random because most of the time what's typed by the virus doesn't make any sense. I was working with FAX in the ZoneAlarm user forum who recommended the malware removal tools and suggested I post my HijackThis log if all else failed. All else has failed. Following is the log. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:46 PM, on 6/28/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HPQ\HP Connection Manager 2...

A: Infection by Rootkit.Agent/Gen-DNSHack; WIN32.Downloader.Small.afwj; Win32.Trojan.Dropper.VB.TR

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
We need to create an OTL Report.
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a...


Hello and thank you in advance, I have attached the DSS reports and the Kaspersky report below. Besides having a slow computer, I have noticed that in my "suspect e-mail folder" in my Earthlink account I have lots of messages reading "delivery error" and there are a lot of messages I never sent. I'm pretty sure this would be the e-mail worm that's in the Kaspersky report. I'm not sure about all the rest. We use the Windows Firewall and AVG Free 8.0. I also have used SpyBot Search and Destroy. I think Kaspersky found more than everything else combined. Can you please help me clean up my computer? Thanks!!!

THE DSS Main.txt report:
Deckard's System Scanner v20071014.68
Run by Meredith on 2008-07-28 07:25:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
84: 2008-07-28 14:26:14 UTC - RP763 - Deckard's System Scanner Restore Point
83: 2008-07-27 16:48:35 UTC - RP762 - System Checkpoint
82: 2008-07-26 16:47:22 UTC - RP761 - System Checkpoint
81: 2008-07-25 16:17:28 UTC - RP760 - System Checkpoint
80: 2008-07-24 15:54:47 UTC - RP759 - System Checkpoint
-- First Restore Point --
1: 2008-04-29 22:03:55 UTC - RP680 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 255 MiB (512 MiB recommended...

A: Trojan-downloader.win32.vb.ah And Email-worm.win32.sircam.c

Just wondering... how long does it take for someone to respond?


Hello; I read your instructions and did as instructed. Some of my scans were did a few days o.k and the latest one was done today. My computer is giving me an e-machine popup which I can only get rid of temporarily. My computer is now running very slow and not functioning normally. I would appreciate any help that you may be able to provide.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-23 16:21:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
48: 2008-06-23 23:21:22 UTC - RP390 - Deckard's System Scanner Restore Point
47: 2008-06-19 01:22:27 UTC - RP389 - Installed Google Toolbar for Internet Explorer
46: 2008-06-19 01:13:42 UTC - RP388 - Installed Java™ 6 Update 6
45: 2008-06-18 23:44:31 UTC - RP387 - System Checkpoint
44: 2008-06-17 22:50:14 UTC - RP386 - System Checkpoint
-- First Restore Point --
1: 2008-03-27 17:46:01 UTC - RP343 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 367 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-23 16:24:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer ...

A: Help Infected With Trojan Downloader. Win32

Hello, shellimae. to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.) Please give me some time to look over your computer's log(s).

Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
Click on Start, click on Run.
Copy and paste the following in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again.
Please post back both logs that open in notepad: Main.txt and Extra.txt

In your next reply, please include the following:
DSS's Main.txt
DSS's Extra.txt

Billy3


I somehow got a surprise package of viruses including surfsidekick, win32.trojan.downloader and many others. I got rid of most of them with adaware and got rid of surfsidekick but I cannot seem to get rid of the trojan downloader. It even somehow seems to regroup all of its friggin spyware buddies when I go back to normal boot mode and leave the net running, so now the computer is sitting in the other room quarantined in safe mode without a connection to the net. I noticed a file that was created at the same time in system32 called kaqkaxv that won't let me delete it and it could be the root of my problem but I'm not really sure. After I ran HijackThis in safe mode I get this:
R0 HKCU\software\microsoft\internet\explorer\startpage=
F2 Reg:system.ini:Shell=Explorer.exe,C:\Windows\system32\aejhp.exe
F2 Reg:system.ini:Userinit:\Windows\system32\userinit.exe, kaqkxv.exe
04 HKLM\...\Runservices:[csr]csrrs.exe
04 Global Startup:svchost.exe
010 Hijacked internet by New.net
about 4 more of those
016 DPF:RaptisoftGameloader-http://www.miniclip.com/haphazzard/raptisoftgameloader.cab
020 Winlogon Notify:RunOnce - C:\Windows\system32\s6rslg9716.dll
Let me know what you think.

A:Infected With Win32.trojan.downloader

You have several problems there. I suggest you read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log".

When you have done that, post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

Start a new topic, give it a relevant title and post the log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

It may take a while to get a response because the HJT Team members are very busy. Please be patient as they are volunteers who will help you out as soon as possible. Once you have made your post, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If you post another response, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special ...

RELEVANCY SCORE 83.6

Ad-Aware se found this during a normal scan (win32.trojan.downloader). My desktop had been doing some crazy things like my IE home page would change & when I would change it back to yahoo or whatever IE would lock up and terminate. I'm no longer having the crazy problems with IE since loading the software recommended by bleepingcomputer tutorial, but every time I run a scan w/Ad-Aware se it's still finding this "trojan downloader". File = c:/windows/system32/taskdir.dll

Logfile of HijackThis v1.99.1
Scan saved at 8:48:38 AM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program ...

A:Infected With Win32.trojan.downloader

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa...

RELEVANCY SCORE 83.6

Hi and Welcome to the forums.

Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

RELEVANCY SCORE 83.6

Hi. In the last two weeks, my computer has been bombarded by trojans. I've got McAfee firewall, etc., but some of these buggers managed to get through. I had to pay the McAfee techs to clean out the first one. And now, I keep getting a warning box from McAfee saying that a generic.dx trojan has been quarantined. I ran the Kaspersky scan and it found the two viruses mentioned above in the topic title. I also ran the hijackthis program. Oh, and I also ran the McAfee scan today and it came up clean. I don't know what to do. I'm a novice at this stuff. Would it be better to pay McAfee again to clean it out, pay Kaspersky or what? And is there a better security software than McAfee? I never got a Trojan warning before 2 weeks ago. My McAfee subscription renewed itself 2 weeks ago -- to add insult to injury, while I was on the phone with the McAfee techs. I'd happily jettison it if I could find a better program. So, again, I don't know what to do. I'm a complete novice at this stuff. Any help y'all could give would be much appreciated.

Deckard's System Scanner v20071014.68
Run by Alison on 2008-05-30 18:53:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
69: 2008-05-31 01:53:17 UTC - RP75 - Deckard's System Scanner Restore Point
68: 2008-05-30 23:37:26 UT...

A:Infected With Trojan-downloader.win32.vb.eqj And Trojan-psw.win32.wow.bam

moving it up.

can anybody help?

thanking you in advance.

RELEVANCY SCORE 83.6

I was running AVG free software and started hearing noises/advertisements on the computer when nothing was on the screen. Then a fake security system tried to alert me to a threat. I ran AVG, which found 3 threats but was unable to remove them:
irphook.\driver\atapiirp_mj_internal_device_control->OXFFFFFA8004C675A4

Trojan horse downloader.generic13.cam
c:\windows\system32\svhost.exe(1304)

MBP:\\.\PHYSICALDRIVE0\PARTITION3
MBR:SST[RTK]

I tried running AVG, AVAST: they see the threats but are unable to delete.
I ran Malwarebytes and it cannot find anything.
I ran Norton virus and it is unable to fully complete the scan. Norton suggested I try their "eraser", to which it finds nothing. Then they suggested I run their boot recovery program from a USB - it found nothing.

The virus wiped out all of my photos, music and documents. But I had them backed up online.
My windows firewall is also not working.
<not related> My computer broke last year and I gave my computer to a friend that had to put a new motherboard on it, and now my Windows 7 says it is not genuine.
I still have the original back up discs for windows 7 if I need them. Here are the logs you requested.
Thank you so VERY VERY much for any help
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by richardsons at 0:35:32 on 2012-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2726 [GMT -4:00]
.
AV: UnThrea...

A:infected with trojan horse downloader.generic13.cam

Greetings jcheck99 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================
Ground Rules:

First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please...

RELEVANCY SCORE 83.2

AVG picked up a Win32/Crypt virus earlier, apparently in my conhost.exe file, which it then fixed. A few minutes later a Trojan backdoor.generic13 was detected, which it also removed, just want to make sure that I'm in the all clear

I'm running 64 bit windows, so can't run gmer etc
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Rich at 20:22:55.00 on 17/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3957.1041 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:...

A:Win32/Crypt and Trojan backdoor.generic13

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

RELEVANCY SCORE 83.2

Spybot Search & Destroy found win32.agent.sd, win32.tdss.rtk, and zlob.downloader.bit. I removed them successfully, yet my computer is still running incredibly sluggish. When I go to Control Panel>Security Center>Virus Protection, it says VirusRescue3.0 is up to date. I have no idea what Virus Rescue is. Also, when I go to My Computer>C: it gives me the following error message: "windows cannot find resycled\boot.com. Make sure you typed the name correctly and try again. To search for a file, click the Start button, then click Search."

Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:07 PM, on 10/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jr...

A:win32.agent.sd, win32.tdss.rtk, zlob.downloader.bit

RELEVANCY SCORE 83.2

I'm going nuts with these two and I don't know how to get rid of them. Windows XP running. Tried to understand other threads but not sure if it would apply to what I have here. A great deal of help needed!
 

A:virus IM-Worm.win32 and also Trojan-downloader.win32

RELEVANCY SCORE 83.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:51:28, on 13.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:...

A:Win32:bancos-auk(trj) , Trojan-downloader.win32.small.ast

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

You have a Backdoor Trojan present on your pc.

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information. Banking and credit card institutions sho...

RELEVANCY SCORE 83.2

I did perform the online scan. It took over 2 hours and found 10 viruses and 28 infected objects, but crashed before I got the report. Here are my dss logs and thank you in advance for any help provided. It will be greatly appreciated.

First the Main log:

Deckard's System Scanner v20071014.68
Run by Chris on 2008-05-17 23:48:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
70: 2008-05-18 03:48:31 UTC - RP772 - Deckard's System Scanner Restore Point
69: 2008-05-17 12:27:06 UTC - RP771 - Software Distribution Service 3.0
68: 2008-05-17 02:45:16 UTC - RP770 - Restore Operation
67: 2008-05-17 02:40:50 UTC - RP769 - Restore Operation
66: 2008-05-17 02:35:53 UTC - RP768 - Restore Operation
-- First Restore Point --
1: 2008-05-10 21:56:02 UTC - RP703 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 255 MiB (512 MiB recommended).
-- HijackThis (run as Chris.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:10 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\win...

A:Infected With 10 Viruses(not-a-virus.downloader.win32.winfixer.x, Not-a-virus.downloader.win32.winfixer.al, Not-a-virus.pup, Tr...

Hello BD6627 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below..
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed,...

RELEVANCY SCORE 82.8

Hi, here is my problem. Everytime I download some movies or other things by opening my computer overnight, it must pop out an error window said:-
C:\Documents and setting\KkianN\Desktop is not accessible.
Not enough quota is available to process this command.

The icons only left on my screen were My computer, my network places and Internet explorer. When I refresh my computer, it came out the same message again. (This problem occurred when I opened my computer overnight by using Thunder5 this software to download things.)

When I tried to shut down, a message said You do not have permission to shut down this computer.

When I tried to use windows task manager to shut down, once I click Ctrl+Alt+Del, an application error message came out said:-
This application failed to initialize properly(0xc000012d). Click on OK to terminate the application.
Then I just can reset my computer.

Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there. Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately, I can't finish all the steps there. For step 4, I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning by using spybot, it stuck while scanning. After that suddenly pop out a window said:-
Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr...

A:Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.

RELEVANCY SCORE 82.8
A:Infected with Win32.Downloader.Agent.dlmu

Since original poster deleted his initial post this topic has been closed.

RELEVANCY SCORE 82.8

Hello,

It appears that I have been infected with this Trojan Downloader:win32/ZLOB.AVS. I have also received a warning about spyworm.win.32. Please see my logfile below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:22 PM, on 10/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\nod32kui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MySecretFolder XP\MSFMON.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\HACE\Mmm\Mmm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Applications\iebtmm.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Sear...

A:Infected with Trojan Downloader:win32/ZLOB.AVS

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

Since it's been two weeks and malware can change quickly, post a new HJT log. Thanks

RELEVANCY SCORE 82.8

Symptoms:
Background replaced with spyware notification.
"Windows Security Alert" pops up periodically saying that a windows firewall has detected activity of harmful software
"Enable protection link" to spyware removal program.
Bit Defender (housecall had problems with download)
McAfee Stinger
Also known as Trojan-Spy.HTML.Bankfraud.dq

I have run:
Adaware
Spybot
Cleaned temp files

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:06 AM, on 8/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows M...

A:Infected With Trojan-downloader.win32.agent.bq

Hello Blue97 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below..
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed,...

RELEVANCY SCORE 82.8

Hello -

I hit a website from a Google search and got a suspicious message to launch an anti-virus program that I didn't recognize. I tried to run an anti-virus program I own (I think it was Webroot Spysweeper), but it froze after an hour, and everything on the system slowed to a crawl.

Guessing that I was seriously infected, I immediately used restart to shut down the computer and reboot to my D partition that has a different installation of Windows so that I could take a look and run some anti-virus and anti-malware programs. I had to shut down processes because the system was not allowing me to shut down Spysweeper.

I ran AdAware and MalwareBytes and got these messages. Since two of the messages indicating removal of an infection mention Spysweeper, I wonder if it didn't infect that program while it was running:

ADAWARE -
Description: c:\program files\webroot\spy sweeper\wrlzma.dll Family Name: Trojan.Win32.Agent.abzlz Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: ba0b594d32a6c43f9e01162aa5e75d3d
Description: i:\program files\webroot\spy sweeper\wrlzma.dll Family Name: Trojan.Win32.Agent.abzlz Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: ba0b594d32a6c43f9e01162aa5e75d3d
Description: i:\windows\system32\wrlzma.dll Family Name: Trojan.Win32.Agent.abzlz Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: ba0b594d32a6c43f9e01162aa5e75d3d
Description: c:\system volume...

A:Infected with Trojan-Downloader.Win32.Lukicsel.A?

I should add that I rebooted and allowed AdAware to delete as many of the files as it could as the system booted to my second drive.

Here are the contents of the suspicious directory - note the very odd (and out of place) application files residing here. I was definitely not running the GoToMeeting Installer or Quicktime, etc. when I had to shut down. I also don't recall ever seeing this directory before on my computer or any other computer.

Thanks,
SoCalBob

RELEVANCY SCORE 82.8

Hey

I consider myself a very experienced user, and hence can usually get rid of most stuff on my own, but this time I seem to have come across a particularly elusive virus/trojan on my system. Yes, I got it from P2P file sharing and I understand the risks involved.

Anyway, I noticed this first start when I opened a keygen -- Kaspersky noticed the virus and tried to stop it -- and then a mysterious process tried to start sending data and I used Kaspersky to disallow that and to terminate the process. However -- it's unable to keep the process terminated permanently....the process just restarts itself again and tries to get through. So what I get is a fight between my anti-virus and this trojan for a period of a few minutes and then the trojan goes inactive for an unknown interval before it tries to fight Kaspersky again. The reason why Kaspersky and the virus "fight" is because I told it to perform the same action (terminate and deny internet access) every time it detected the trojan.

Also of note: I've seen Mozilla Firefox open a window on its own a few times (not often) but that's all that happens.

I am going to post my Kaspersky log as well as the logs in the "pre-post" instructions because I think the Kaspersky notes will be helpful.

KASPERSKY LOGS
deleted: Trojan program Trojan-Downloader.Win32.Zlob.knt File: C:\Users\Brian\AppData\Local\Mozilla\Firefox\Profiles\93x9ahv1.default\Cache\EC46F395d01
deleted: Tro...

A:Infected With Trojan-downloader.win32.delf.gas

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply with a fresh HijackThis log.

RELEVANCY SCORE 82.8

I found out I am infected with Trojan-Downloader.Win32.Agent.zdo. Please help, I don't know how to remove it from my laptop. My antivirus, Norton Antivirus, was not able to detect it, but the Kaspersky online scan did.

A:Infected With Trojan-downloader.win32.agent.zdo

I have already responded in your other thread here. Please do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Thanks for your cooperation.

This thread is closed. If you have any questions, please PM me or another Moderator.


Hi,
 
After I visited a cnet download page, I've been noticing some random windows popping up on my computer and some web text being turned into hyperlinks. Also, some pages get redirected to www.redirsvc.com/.... and some program named Mobogenie keeps opening and pinned itself to my taskbar. I also have stuff I don't recognize (Connect DLC 5 and Conduit) showing up in my Program Files.
 
I tried uninstalling some unfamiliar programs using Control Panel (SweetPacksIM, Conduit, Mobogenie, and some IE toolbar) and used Eset's online scan which also removed Win32/Bagle.gen.zip worm and more SweetIM files. Spybot S&D tried to remove the Win32.downloader.gen (which no other online scan I ran noticed was present on my pc), but couldn't (even when I ran it as an admin).
 
Was hoping you might be able to help.
 
Thanks!
 
Here is my DDS.txt file (other file is attached):
 
___________________________________
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by admin at 9:28:38 on 2014-01-04
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4048.2193 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32...

A:Possibly infected with Win32.downloader.gen and other issues

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button and follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifica...


Hello and thanks in advance for your help.

I've been looking through the different forums to see if I can find any "fixes" on my own but then realized... it's probably best to leave it to the experts! So here are the details...

1. The other day Avast informed me that a site I was visiting was infected with "JS:Downloader-JA[Trj]" and that it moved to the "Chest." I opened Avast and noticed that 2 other "viruses" were in there as well... JS:Agent-AV[Trj] and Win32:Trojan-gen{other}.

2. After that I tried to run MBAM but it didn't work. I received 2 error messages...
   1. VbAccelerator SGrid11 Control Run.time Error '0'
   2. Run-time Error '440' Automation Error

3. When MBAM didn't work I attempted to come to the BC site but IE said "No Connection" or it wouldn't load. So I shut down and restarted again.

4. Since getting the notification of the first virus, when I close my Office Email and Calendar the icons still show in the "Notifications Area" and they are still active in the processes tab of the Task Mgr.

5. I have used CCleaner in the past to clean up my computer and uninstall programs but have noticed recently each time I use it, and on the next reboot, my computer completely freezes where only the mouse works. Also, on the "blue ball" for Avast, there is a "red circle with a line through it." The only way to "unfreeze"...

A:Infected with JS:Downloader-JA[Trj] and JS:Agent-AV[Trj] and Win32;Trojan-gen{other}???

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello,

Here is my Hijackthis log. I also posted my Kaspersky Virus Scan after the hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 8:17:37 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133fd.bay133.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170487982574
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170532885198
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by133fd.bay133.hotmail.msn.com/activex/HMAtch...

A:Infected With.....trojan-downloader.win32.zlob.bvp

hello what-the?,

Sorry for the delay, it's been pretty busy here lately. If you still need help, please post a new Hijackthis log, I'd be happy to take a look at it for you.

The Hijackthis log you posted is missing almost all many of the entries. Please make sure you post the entire Hijackthis log.


I have a Trojan Downloader named WIN32/RENOS.JM, and it keeps downloading Trojans, which my Kaspersky Anti-Virus 2010 blocks, but in my Windows Defender it keeps popping up that I have malicious software, and it names it. However, Kaspersky doesn't find it when I do a scan. Whenever I click Quarantine in the Windows Defender it goes away but comes back later. How can I get rid of this Trojan?

This is my DDS Report:

DDS (Ver_09-12-01.01) - NTFSX64
Run by owner at 22:32:49.72 on Tue 02/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2607 [GMT -5:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceSer...

A:Infected with WIN32/RENOS.JM Trojan Downloader

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I cannot get rid of the 5 files listed below. I can't find them even viewing hidden files. I am completely confused at how I can't get to these and would love for one of you wonderful people to help me. This is my mother's computer and I've spent all day cleaning it, but these last 5 files I just can't get.
Scan critical areas : completed
-------------------------------
Scanned: 2207
Detected: 5
Untreated: 5
Start time: 4/17/2008 7:46:21 PM
Duration: 00:01:50
Finish time: 4/17/2008 7:48:11 PM
Detected
--------
Status Object
------ ------
detected: new threat Hidden.Object (modification) File: C:\WINDOWS\system32\clb.dll
detected: new threat Hidden.Object (modification) File: C:\WINDOWS\system32\clbcatex.dll
detected: new threat Hidden.Object (modification) File: C:\WINDOWS\system32\clbcatq.dll
detected: new threat Hidden.Object (modification) File: C:\WINDOWS\system32\clbcfg.dat
detected: Trojan program Trojan-Downloader.Win32.Small.ulq File: C:\WINDOWS\system32\clbdll.dll
Events
------
Time Name Status Reason
---- ---- ------ ------
Statistics
----------
Object Scanned Dangerous objects Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- ----------------- --------- ------- ------------------- -------- ------------ ------------------ ---------
Settings
--------
Parameter Value
--------- -----
Security Level Recommended
...

A:Infected With Trojan-downloader.win32.small.ulg

Don't try to do anything with these files you find, a trained expert or a trusted program should be the only thing that tries to remove them.

Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Show hidden files and folders.
Uncheck (untick) Hide extensions of known file types.
Uncheck (untick) Hide protected operating system files (Recommended).
Click Yes when prompted.
Click OK.
Close My Computer.

Now they should show up.
clbdll.dll is the one I want you to find.

http://virusscan.jotti.org/
Use the browse button and navigate to the system 32 folder and submit.
After the scan completes, copy and paste the results into a reply please.
