
Infected With Trojan-downloader-conhook, Trojan.linun, And Trojan.virtumod

Q: Infected With Trojan-downloader-conhook, Trojan.linun, And Trojan.virtumod

I was infected with Virtumonde because I had the pop-up window saying I was infected with the one virus that it says, and then it leads you to another site with a virus scan, but I got rid of those, I think. The problem that I am having is that something is changing my programs so they do not work, like Lavasoft Ad-Aware: when I tried starting it, the computer would restart on its own, and it did so every time I tried starting it. I ran VundoFix and that seemed to fix most of my problems, but when I ran SpySweeper it still says that I have a Trojan-Downloader-Conhook, Adware Zeno search assistant, enbrowser, sidebyside search and a spycookie Aff6007 cookie. My internet is still acting funny; for example, when I try to play games on Pogo it says "Applet(s) in this HTML page requires a version of Java different from the one the browser is currently using. In order to run the Applet(s) in the HTML page, a new browser session is required. Close all the Netscape browser sessions and start a new browser section to run the HTML page", which never came up before I had these Trojans. Why did McAfee Internet Security stop these problems? Every time I run my virus scan it says I am clean, as well as Spybot and Ad-Aware. The only one that says I have a problem is SpySweeper.
Any suggestions would be greatly appreciated. Sorry if I sound a little confused about what the problem is, but I am tired of trying to figure this out. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 7:31:48 PM, on 4/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A: Infected With Trojan-downloader-conhook, Trojan.linun, And Trojan.virtumod

Hi,

The forums are really busy, which explains why logs get behind. We start with the oldest logs first. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look.


Hi, I had run several antivirus and spyware removal programs, such as Spyware Doctor, the F-Secure antivirus and the Microsoft security scanner, to remove the above trojan horses, to no avail. All the programs were able to detect the malware, but even after applying their solutions, the malware appears again even after an immediate rescan of the system. The Trojan.virtumode seems to have been removed after I used a program called VundoFix, but I'm not really sure, so I included it in the topic title just in case. Below is my log file obtained using HijackThis. My exams are a few days away and I really need my com to be working properly and free from irritation to be able to study. Your help will be greatly appreciated!! THANKS!!

By the way, I did try disabling System Restore and doing all the scans again. But it just doesn't work! Please Please Please Help THANKS!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:14 AM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

A:Infected With Trojan-downloader.conhook And Trojan.virtumode

Please do the following:

Download ComboFix. Save to the Desktop. <<<Important!!

Now, go to Start > Run, and copy/paste the following single line command in the Open box:

"%userprofile%\desktop\combofix.exe" /killall

Click: OK

Follow the prompts. Then type 1 and press Enter to begin the scan.

Do not mouse-click the ComboFix window while it runs. It may cause it to stall.

When finished, a log, ComboFix.txt, is produced.

~~~~Run HijackThis once again to obtain a new log.~~~~

Please provide the contents of the ComboFix log, and the new HijackThis log in your reply.


Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...


I am attempting to remove this virus from my sister's computer and nothing will remove it. I have tried AdAware, SpyBot and Ewido. The only program that can find it is SpySweeper and the trial version will not remove it. I looked through the other posts on this subject and I do not share any of the files that the other users had to remove. Here is the HijackThis log. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 8:10:12 PM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A:Infected By Trojan-downloader-conhook

Hello oujosama and welcome to the BC HijackThis forum. It appears that this log was made while in Safe Mode. Since this can hide many of the running processes that might be causing problems, I need you to do the following.

Boot normally, start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis and click the Add Reply button.

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

I will review your log when it comes in. Also please include the information from the SpySweeper scan.

OT


I need help,

I seem to have been infected by spyware that's making my PC run slow. Other symptoms have been: my desktop screen background keeps changing colors, ads pop up from time to time, and I get a message that some process is trying to connect to the internet.

I downloaded Vundofix.exe and it seemed to remove jkkl.dll, but on reboot it reappeared when I scanned it with PC Doctor. Now when I run PC Doctor I get the following files infected

Trojon.Virtumonde
C:\windows\system32\ddayv.dll
C:\windows\system32\gebyx.dll
C:\windows\system32\pmkjj.dll
C:\windows\system32\sstqn.dll

and then two other categories
Application.Net_Spy_Pro
Trojan-Downloader.ConHook

What do I do to get rid of these? Please help

S
 


Hello,
I found my computer behaving oddly. While my regular Symantec wasn't showing anything, I did an online Kaspersky scan and it showed the following Trojans. I would really appreciate it if you could please show me how to get rid of these, given that my regular anti-virus is not able to.
I have also posted my Hijack log after the Kaspersky report.
Thanks!

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, June 14, 2006 5:42:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/06/2006
Kaspersky Anti-Virus database records: 188561
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 173806
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 02:09:01

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\125ize.dll Infected: Trojan-Downloader.Win32.ConHook.aa skipped
C:\WINDOWS\system32\gebcdaw.dll Infected: Trojan-Downloader.Win32.ConHook.ab skipped
C:\WINDOWS\system32\vturr.exe Infected: Trojan-Downloader.Win32.ConHook.ab skipped

Scan process completed.
--------------------...

A:Trojan problem : Trojan-Downloader.Win32.ConHook.aa


I wasn't aware of any problem until my Symantec Antivirus program stopped automatically scanning my computer. I tried to run it manually and it gave me a message that said it wasn't installed properly. I googled the error message and found that it was a Trojan of some sort and that I should run a Panda scan. I ran a Spyware Doctor scan as well, which came back with Trojan.Agent and Trojan-Downloader.ConHook.

Here are the DDS results:
DDS (Ver_09-01-19.01) - NTFSx86
Run by george at 21:34:58.53 on Thu 01/29/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.108 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)


A:Trojan.Agent and Trojan-Downloader.ConHook

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...


I used Spy Sweeper to scan my PC, and found these two items: Trojan Slcakbot, Trojan-downloader-conhook, and the IE window keeps popping up. I tried everything I could, but still cannot get rid of those two viruses. Can someone please tell me how to clean those viruses from my PC? Thanks

Here is the log file from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 11:14:41 AM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Please help: Trojan-downloader-conhook and Trojan Slcakbot


I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

Microsoft Security Essentials pops up during the scan with the following infection:

Trojan Downloader: Win32/Unruy.D C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB

I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Phillips at 14:21:21.10 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]
AV: Microsoft Security Essentials *...

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I have done all the preparatory actions. AVG Antispyware tells me I am infected with Trojan.Small.fb but cannot remove it. Spy Doctor scan shows Trojan.Downloader.Ruins and Trojan.DNS Changer. Here is my HijackThis log. Can anyone help please?

Logfile of HijackThis v1.99.1
Scan saved at 14:49:22, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A:Infected With Trojan.small.fb, Trojan.downloader.ruins, Trojan.dns Changer

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout
http://downloads.subratam.org/Fixwareout.exe
or
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

Fix these with HJT - mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{05F2BA51-171A-4B1D-AE5F-B8515E38E241}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8269A184-3C5F-41F7-A7E9-581E273A2475}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0DCAED8-AC99-4371-811A-DDA8BF12F7D8}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6801D5-625E-482E-AA33-1FD2EB1B2544}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{05...


This is a business computer and it is very important that it runs properly, been having issues with it for a week now. I have tried running several anti-virus programs to no avail. Currently using Panda, but used some other free software like AVG etc.

Hoping you can help me, here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:36 PM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files...

A:Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Hi,

"This is a business computer and it is very important that it runs properly"

Not sure if you're aware how severely infected this computer is.

Since you are posting a log from a Company owned computer... There are a few things that need attention first before we proceed with this..

* You must inform your Supervisor immediately.
This because of:
Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.
If sensitive material is compromised by an infection, your company could be held liable.

* Your Company must give permission for us to give you assistance.
This because of:
We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.
There may be sensitive material on your computer that your company would not want revealed in an open forum.

Also, since this is a computer used at work - the first thing I always advise is to back up important files you don't want to lose, this since malware causes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I ca...


Hi Mike !

Don't know what happened !! My windows starts normally, after selecting the user, it displays ' loading personal settings'.. After that getting an error ' userint.exe application error' . Reference memory problem. Then it shows my desktop without any Task bar/Status bar and all the icons on my desktop are not displayed. I am accessing the explorer through Task manager using Ctrl+Alt+Del ..

Let me know whether this is a virus infection or some problem with windows registry.
thanks
clement

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BC

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj...


I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malbytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not used to be there. I am getting a number of random error messages, and Malbytes is sometimes deleted and I have to reinstall it. Also, random .tmp files seem to popup. Thanks in advance for any help you can provide.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jordan at 1:53:18.65 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program File...

A:Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...


I use Norton Corporate Edition as my anti-virus. I keep getting a symantec AntiVirus Notification which states:
Virus name: Downloader
File: C\WINDOWS\system32\kbd866.dll

Have been unable to find how to remove this. I then ran a bitdefender scan. It found 4 viruses and 22 infected files. It was able to delete all except the following.
Bitdefender says that I have the following file infected with Trojan.Downloader.Conhook.P

C:\WINDOWS\system32\mljgecc.dll

Is there a way to remove this virus? And is it the same one that Norton found? Thanks
 

A:Trojan.Downloader.Conhook.P


Spyware Doctor found:

Comet Cursor
Virtumonde
Trojan.Downloader.Conhook
Downloader.PopCap!sd5

My comp has been growing ever slower lately and now takes 30 seconds just to open a Word document; this used to be about 5 seconds.

Here's my log:

ComboScan v20070306.20 run by payzanpw on 2007-03-16 at 13:11:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as payzanpw.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:11:30 PM, on 16-Mar-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5....

A:Trojan.Downloader.Conhook, et al

Hello and welcome to TSF.

Please go to Start>Control Panel>Add/Remove programs and delete the following software:

SoftwareOnline
Registry Cleaner

=============================================================

Disable Spywareguard so that it will not interfere with the fixes.

Right click the running icon of Spywareguard in the tray in the lower right corner. It will open the program.
Go to Menu>file>exit.
Confirm that the program is closed.

==============================================================

Please download Combofix and save it to your desktop.

* IMPORTANT !!! Place it on your Desktop.

===============================================================

Scan with HijackThis and put a checkmark against the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {60DB71BD-AAA2-4D6A-BAA7-55D0CEDD24C3} - C:\WINDOWS\vaatpi.dll
O20 - Winlogon Notify: vaatpi - C:\WINDOWS\vaatpi.dll

Close all browsers and windows and click on "check fixed". Exit HijackThis.

===============================================================

Go to Start -> Run and then paste in the following single line command in red & click OK
"%userprofile%\desktop\combofix.exe" /v vaatpi

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shal...


I am infected with a trojan-downloader-conhook according to spy sweeper. I have not yet upgraded to the full version, but from what I understand, spy sweeper does not fully remove the problem. McAfee, PcCillin, and others find nothing. System restore is currently shut off. If I run Lavasoft Ad Aware my computer shuts off and re-starts.

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:39:10 PM, on 8/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\wt\wcmdmgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:...

A:Can't Get Rid Of Trojan-downloader-conhook

Hello,

Since you use the trial version of spysweeper and didn't purchase it, I recommend you uninstall it since it doesn't remove anything. So there's no need to have it running in the background either.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {3564123f-e15d-4319-910a-bfab2fe84676} - C:\WINDOWS\SYSTEM32\iespcn.dll
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start <== not required
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O20 - Winlogon Notify: iespcn - C:\WINDOWS\SYSTEM32\iespcn.dll
O20 - Winlogon Notify: ipxm32 - ipxm32.dll (file missing)

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't get fixed.

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
In case it says that nothing has been found, Right click the list box (white box) in the main VundoFix window.
Select "Add...


Constant pop-ups. Spyware doctor has detected trojan.downloader.conhook, winfixer, and other stuff. Nothing seems to be able to eliminate the cause.

Logfile of HijackThis v1.99.1
Scan saved at 4:04:14 PM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program ...

A:trojan.downloader.conhook HELP PLEASE!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download combofix.exe to your desktop.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open -...


I seem to have a browser hijacker. I ran bitdefender & it found Trojan.Downloader.Conhook.P .

I already ran VundoFix and Removed what Vundo recommended and rebooted.
Here are the contents of C:\vundofix.txt:
VundoFix V5.1.5
Checking Java version...
Java version is 1.4.2.3
Scan started at 7:10:45 PM 7/24/2006
Listing files found while scanning....
C:\windows\system32\iasalc.dll
Beginning removal...
The process smss.exe was successfully stopped
The process winlogon.exe was successfully stopped
The process explorer.exe was successfully stopped
The process iexplore.exe was successfully stopped
The process rundll32.exe was successfully stopped
Attempting to delete C:\windows\system32\iasalc.dll
:\windows\system32\iasalc.dll Has been deleted!
Performing Repairs to the registry.
Done!

Here is the log file for HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 8:35:50 PM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svc...

A:Trojan.Downloader.Conhook.P


I recently ran a Spysweeper scan and it came back with Trojan-Downloader-Conhook. I cleaned it and deleted it... and for the hell of it, I ran the same scan again, and it was back again!! Is there anything you guys can do to help? Just a few days ago, I had the newer Vundo variant on my computer, but followed one of your forum links to clean it... if there is anything you can do to help, I'd greatly appreciate it, thanks! Here is my Hijack

Logfile of HijackThis v1.99.1
Scan saved at 11:50:57 AM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Fil...

A:Help with Trojan-Downloader-Conhook


My husband is an idiot and downloaded something he shouldn't have off the web. By the time I got to the computer, we were infected with a multitude of malware, including Trojan-Downloader Small, Trojan Generic, Virtumonde, Trojan.Agent.AOY, and fotomoto. I ran AdAware, but that did little good. I then repeatedly ran SpyDoctor from PC Tools, and also used VundoFix and VirtumondeBegone. After a couple of days, I came up with two clean scans, even after reboot. But then I unlocked my Firewall and got back on the Internet, and the next time I scanned again I had two infections of Trojan.Downloader.Conhook. SpyDoctor supposedly cleaned it again, but now I'm back on the internet and I've already gotten several pop-ups, so I'm sure Conhook is still there. Help! Here's my last Hijack This scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:26 AM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS ...

A:Conhook Trojan Downloader

If it helps at all, I just ran another SpyDoctor (this time just an intelliscan, rather than a full scan), and it came up with two Trojan-Downloader.Conhook infections, located in some "HHKEY" which had the name "Juan" in the name. I now have supposedly cleaned them (again). Now my HijackThis log looks like this. Haven't rebooted or anything.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:51 AM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\WINDOWS\vVX3000.exe
C:\Pro...


Yet another Trojan...ARGH! SpySweeper has found this in my current scan - trojan-downloader-conhook. Can SpySweeper remove this? If not, I'll run a HJT scan and post the log in just a few minutes. The SpySweeper scan is still completing.

This Trojan came in an email. I knew someone with the same initial and last name in the sender's email address, but obviously it wasn't from the person I knew. The email was blank when opened and gave me a nice Trojan gift.

Be back soon.

Knitter
 

A:Trojan-downloader-conhook


how do i remove this trojan and what does this trojan do to my computer? please help <------------ this dude out
 

A:trojan downloader conhook


I have been having a lot of winantivirus pro 2006 pop ups, telling me my computer has been infected and to download their program (which I have not). I am new to this so I may need some help. I ran all of the recommended programs: Bit Defender found the following but could not remove it...

BitDefender Online Scanner
Scan report generated at: Fri, Jul 07, 2006 - 21:48:53
Scan path: C:\;D:\;

Statistics
Time 01:31:24
Files 763135
Folders 7181
Boot Sectors 4
Archives 5256
Packed Files 87760

Results
Identified Viruses 1
Infected Files 1
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 0

Engines Info
Virus Definitions 406503
Engine build AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins 13
Archive plugins 39
Unpack plugins 5
E-mail plugins 6
System plugins 1

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\WINDOWS\system32\dsn861.dll Infected with: Trojan.Downloader.ConHook.R
C:\WINDOWS\system32\dsn861.dll Disinfection failed
C:\WINDOWS\system32\dsn861.dll Delete failed
------------------------------------------------------------
My hijackthis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:39:11 PM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.0...

A:Trojan.downloader.conhook.r

Hi Roses17928 - Welcome to BleepingComputer! Please do the following.

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
* Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
* Click on Tools, General Settings
* Under Real-time protection options, unselect the Turn on real-time protection check box
* Click Save
Note: After all of the fixes are complete it is very important that you enable Real-time Protection again.

Download VundoFix.exe and save it to your desktop.
- Double-click VundoFix.exe to run it
- Put a check next to Run Vundo Fix as a task
- You will receive a message saying Vundofix will close and re-open in a minute or two
- Click OK
- When VundoFix re-opens, click the Scan for Vundo button
- Once it is done scanning, click the Remove Vundo button
- You will receive a prompt asking if you want to remove the files
- Click YES
- Once you click YES, your desktop will go blank as it starts removing Vundo
- When completed, it will prompt that it will shutdown your computer
- Click OK
- Turn your computer back on.
Please run VundoFix only one time. If you run it more than one time, you will overwrite the original log which is generated when it was run the first time.

Please post the contents of C:\vundofix.txt and a new HiJackThis log.


Hi there, this is my first post and it`s a cry for help.
I have Norton 360 installed which automatically updates, however, just recently the pc started running very slow on start up and even more recently ( this week) i have been plagued with pop ups, most of which appear to be warning me of spyware and adware and that i am at risk. !!!! Now, i`m not brilliant with pc`s, in fact ive only just found out that being pc literate doesnt mean spelling computer with a `K`, or not. Despite this semi neanderthal state i have not clicked on any of the pop ups but have looked around the interweb for advice. I have tried several free scan sites such as Trendmicro and have found that i am infected with shed loads of stuff but have managed to delete quite a lot and am now apparently infected with a trojan called `downloader.conhook ` .
There are as you know , a number of sites claiming to be the dogs goolies at cleaning your pc, one i have looked at ( the one which told me i had conhook) is called ScanSpyware and it claims it can remove conhook.
My question is this.. ( i can almost hear you saying ` get on with it for goodness sake `)
Does anyone have experience of this site and does it work ?

My other question is.. From what i have read on this forum, it appears that i cannot rely on Norton alone for protection from these malicious infections. So.. what do i need to do/download etc? in order to be safe(r).

Oh , also...( i can defini...

A:Trojan-downloader.conhook

Hello piggy

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know
If not please perform the following below so I can have a look at the current condition of your machine.
Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Next

Please do an online scan with Kaspersky WebScanner
Click on Accept Button
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file t...


I have been wrestling with virtumonde and now conhook. I've renamed several of the 8 character odd dll's to dl1 and have improved my pc performance but then conhook began showing up when I run spydoctor. It always says it cleans it but then it's back. I've run HiJackThis and have included the log file. Can you please help me? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 9:59:03 PM, on 3/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\...

A:Trojan-downloader conhook

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

RELEVANCY SCORE 111.2

Need help in removing trojan downloader conhook. Pop-ups are constantly appearing and the computer has considerably slowed down. I'm stuck. Help!

A:Trojan Downloader Conhook

Please download http://www.atribune.org/content/view/24/2/ to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
--------------------------------------------------------------------------------
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/
Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html
--------------------------------------------------------------------------------
Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------
How To start Windows in Safe Mode
h...

RELEVANCY SCORE 111.2

I got a message from my spysweeper run that I had a trojan-downloader-conhook virus. I let spysweeper clear it out, but it showed back up a couple of days later. Can anyone see anything in my hijack log that is indicating that this is still in the system. Thanks in advance for any suggestions.
joyjg

Logfile of HijackThis v1.99.1
Scan saved at 9:18:35 AM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SM1BG.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\ptrun32\ptrun32.exe
c:\PROGR...

A:Trojan-downloader-conhook

Hi joyjg
Your log looks good, but let's run one online scan to be sure:
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Send also a fresh HijackThis log.

RELEVANCY SCORE 110.4

I am running Microsoft Security Essentials, Malwarebytes' Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by akparker at 19:54:02 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1066 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e...

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 110

Hope someone can help. Spysweeper keeps finding Virtumonde and Trojan-downloader-conhook on every sweep but can't get rid of them. Please help. Here is my hijackthis file.

Logfile of HijackThis v1.99.1
Scan saved at 9:58:04 PM, on 10/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Commo...

A:Virtumonde And Trojan-downloader-conhook

Welcome to BleepingComputer, sarabtown:
After reviewing your log I see a few items that require our attention. Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.

1. Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in a temporary folder you run the risk of accidentally deleting the backups or it clutters your desktop with all the backups. If you use Windows XP it might be that you just double clicked on the file HijackThis.exe, but that only extracts the file to a temporary folder. Please select the file and Extract it to a folder.

How do you make a permanent folder:
Click "My Computer", then "C:\" and then on "Program Files".
In the menu bar, "File"->"New"->"Folder".
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have "C:\Program Files\HijackThis". Put your HijackThis.exe there.

2. Please disable SpySweeper, as it may hinder the removal of some HijackThis entries. You can re-enable it after you're clean.

To disable SpySweeper:
Open it, click > Options over to the left then > Program Options > Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield...

RELEVANCY SCORE 110

i am so new at this so please bear with me. after two days of looking and a lot of reading i have found 2 baddies in my computer one was the Virtumondo.C i found a program to get rid of that for me called webroot spy sweeper. i only have it for 14 days i can not buy it. i have no credit card or bank account. ok well it would seem that between my 5 programs they have found the trojan-downloader-conhook now not one of them seem to be able to get rid of it. the sweeper finds them and gets rid of it. but i run it again and the trojan is right back. can someone please help me. i do not have the money to pay someone to fix it or buy a program to fix it. here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:33 AM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe...

A:Solved: help getting rid of trojan-downloader-conhook

RELEVANCY SCORE 110

hi people i need some help getting rid of this thing here is my hijack this log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:59, on 27/08/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
F:\WINDOWS\system32\CTsvcCDA.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
F:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
F:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
F:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
F:\WINDOWS\syste...

A:[SOLVED] conhook trojan downloader

this is the hijackthis log file after using vundo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:19, on 27/08/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
F:\WINDOWS\system32\CTsvcCDA.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
F:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
F:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
F:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
F:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
F:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
F:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
F:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
F:\Program Files\F-Secure Internet Security\backw...

RELEVANCY SCORE 110

hi i seem to have this trojan that won't go away even though f-secure seems to delete it but when i restart it comes back every time, here is my hijack this log anyway please please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:49, on 05/09/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
F:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
F:\WINDOWS\system32\CTHELPER.EXE
F:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
F:\Program Files\Hewlett-Packard\HP Software Update...

A:Trojan-downloader.win32.conhook.bg

Welcome to the BleepingComputer HijackThis Logs and Analysis forum chinner
My name is Richie and i'll be helping you to fix your problems.

You have F-Secure Internet Security and Norton AntiVirus installed.
It's definitely not a good idea to have more than one antivirus program installed on your computer. Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one of them now, then restart your pc.
If you decide to uninstall Norton, if there's no uninstaller available in Add\Remove Programs then you'll need to download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
*Please Note:* The Norton Removal Tool will remove all Norton/Symantec products from your pc.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and sa...

RELEVANCY SCORE 110

I'm getting loads of pop-ups caused, I think, by this trojan.
AVG, ad-aware, and spybot can't get rid of the problem.

Having run HijackThis, I think c:\windows\system32\eulsvc.dll is the culprit but I could do with some confirmation on this.

Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:12:14, on 29/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\QuickTime...

A:Solved: Trojan.downloader.conhook

RELEVANCY SCORE 110

I continue to struggle with, first virtumonde, then conhook. I do see MS Juan in my system as well. I have deleted several of the 8 character dll's after renaming them and restarting my system several times. I use spy doctor. If I run it logged in as myself (I have admin rights), it does not find anything. If I log in with my wife's login with only power user rights, spy doctor finds Trojan-downloader.conhook. It always says it fixes it but it's back on the next startup. Can you help?

DDS.txt
DDS (Ver_09-02-01.01) - NTFSx86
Run by terrys at 20:37:07.98 on Wed 03/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.667 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\...

A:Trojan Downloader conhook and virtumonde

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

RELEVANCY SCORE 110

Hi
I am running on Windows XP SP2, i have spyware doctor installed and it has picked up Trojan.downloader.ConHook. I fix the problem with the fix on the program but on startup and full system scan it still picks it up. I also have Norton internet security all these programs are up to date. I am quite frustrated that the programs i have paid money for are not doing the job they were intended for. Please help
I have also pasted the HJT log. i really appreciate the assistance.

Logfile of HijackThis v1.99.1
Scan saved at 04:38:42 PM, on 2007/07/20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\...

A:Trojan.downloader.conhook Cannot Be Removed....help Please!

Download the latest version of ComboFix from Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

RELEVANCY SCORE 110

Hi, I'm trying to fix a friend's laptop computer that is infected with viruses. I ran PC Tools Spyware Doctor which found the following:
I sure would appreciate any help!

Trojan.Downloader.Conhook (11 infections)
Common Components for 180Solutions items (3 infections)
Rootkit.Agent (33 infections) and
Zango Search Assistant (9 infections)

The HijackThis Log is

Logfile of HijackThis v1.99.1
Scan saved at 3:30:35 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aliant\Aliant Security Services\fws.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doc...

A:Solved: trojan.downloader.conhook and others

RELEVANCY SCORE 110

protector plus 2007 is showing the w32/conhook.Aa.downloader.trojan the infected file is c:\windows\system32\getxec.dll when pp2007 tries to delete the file access is denied. I have tried to delete it manually and the message that the file is in use and cannot be deleted pops up. I have also attempted to manually delete the file in safe mode with no luck. The computer shuts down when I try to run adaware se.

thanks in advance for any help
HijackThis v1.99.1
Scan saved at 10:56:04 AM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1124314607\ee\AOLSoftware.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\PROTEC~1\PPTbc.EXE
C:\PROGRA~1\PROTEC~1\PPInupdt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\PROGRA~1\SPAMCH~1\SPCKMAIN.EXE
C:\Program Files\MUSICMATCH\MUSI...

A:removal of w32/conhook.Aa.downloader.trojan

RELEVANCY SCORE 109.2

Hey Guys,
Hope everyone is well.
My computer has contracted a trojan and i'm struggling to deal with it. It's screwed up my internet and slowed everything right down. I've run a few scans. One with DSS and StopSign. Here are the logs..starting with Deckard including HiJack. This first log is from the main.txt file.

Deckard's System Scanner v20071014.68
Run by Altug on 2008-04-29 20:45:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
16: 2008-04-29 19:12:58 UTC - RP142 - Windows Update
15: 2008-04-25 11:27:30 UTC - RP141 - Windows Update
14: 2008-04-24 21:26:17 UTC - RP140 - Scheduled Checkpoint
13: 2008-04-23 08:50:15 UTC - RP139 - Windows Update
12: 2008-04-22 20:30:15 UTC - RP138 - Scheduled Checkpoint

-- First Restore Point --
1: 2008-04-08 18:46:55 UTC - RP127 - Scheduled Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-29 20:51:28
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\...

A:Infected With Trojan.virtumod.based. Scanned With Dss + Hijack, Can Anyone Help?

Hello!
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.
The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Intern...

RELEVANCY SCORE 108.8

Hi,
My son downloaded a video codec & unwittingly installed a trojan popup (Trojan.Downloader.Codec.E?) which appears whenever you move around in windows explorer or open a new page in internet explorer. I have tried to get rid of it but failed and I would appreciate your help.
I have followed the preparation instructions and Bit Defender found a trojan it couldn't delete in msvidc32.dll. I am reluctant to try and remove this myself without your advice.
Below is the Bit Defender report followed by the Hijack This report
chrisss

Scanned File Status
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Infected with: Trojan.Downloader.Codec.E
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Disinfection failed
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Deleted
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Infected with: Trojan.Downloader.Codec.E
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Disinfection failed
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Deleted
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf Detected with: Application.MWS
C:\WINDOWS\Downloaded Program Files...

A:System Error! Your Computer Was Infected By An Unknown Trojan (trojan.downloader.codec.e?)

Hello chrisss,
NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt
Please download SmitfraudFix
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry key...


hello,

i've read most of the manuals here, and tried my best to scan and recover my pc. problem is, since i got infected by those trojans, i cannot use my antivirus/antispyware programs. they are instantly closed as i open them. so i can't use AVG, Hijackthis, and others. i m not able to open websites that are connected to antivirus programs, with some exceptions.

though i cant download and install them on my pc, even on safe mode - i managed to scan the pc online using Panda Active scan and bit defender. those have found hundreds of trojans and spywares on my computer. i have also used Search & Destroy (with lil effect) and AdAware, but they weren't as effective as Panda and Bit Defender.

although they have deleted quite a few, i still cant access AVG, Hijackthis, and certain websites, including some of the forums here like HijackThis log Analysis (typical AVkiller.C work...).

im writing this post from another computer, since i cannot enter the forum from mine.

please advise me on how to clean my computer, and get rid once and for all of those pests. i've added some examples of the viruses found during the scan : (some could not be deleted)

Panda's Active scan found:
Virus:Trj/Downloader.MOW Disinfected C:\WINDOWS\system32\bxjoqoiabbjn.dll

Bit Defender has discovered, but could not clean :
C:\WINDOWS\system32\vpxyofsugazx.dll
Suspected of: BehavesLike:Trojan.WinlogonHook
C:\WINDOWS\system32\vpxyofsugazx.dll
Disinfection failed
C:\...

A:Infected By Trojan-downloader.win32.delf.pa (trojan.stwoyle), Avkiller.c And More

i was directed to this forum by fozzie :

You have a nasty infection on hand Trojan-Downloader.Win32.Delf.pa (Trojan.Stwoyle) You will not be able to run HiJackThis unless a special tool will be utilised. Please post the panda report in the HiJackThis forum here and they will help you. This is a sophisticated tool which needs expertise

what is this tool he is speaking of, and how can i utilise it?
thank u for ur time.


Hello, Hoping someone can point me in the right direction. Had no problems until this started quite suddenly. Started getting popups, slowing on and off, etc. Not sure how I picked it up, but it's persistent. I tried a couple of things before finding this site. I'll post the kaspersky log, the HijackThis log and then the extra log. Thanks for any help you can offer.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 27, 2008 10:36:49 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/05/2008
Kaspersky Anti-Virus database records: 801429
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: A:\ C:\ D:\ E:\
Scan Statistics:
Total number of scanned objects: 24239
Number of viruses found: 9
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 01:31:13
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0P8BU74B\css4[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.tsj skipped
C:\Document...

A:Trojan-downloader.win32.conhook.te/virtumonde

Hi

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam


Began developing popups about a week ago, popups of the "your computer is infected!" variety. In addition to links to antivirus 2009, getting popups to search engines, travel sites, and other stuff. Other scanners detect and dispose of viruses but they keep returning. PC is extraordinarily slow and often locks. This only happens on 1 of 4 different user accounts without administrative privileges with WinXP sp2 and within that account, the hard drive continuously chugs. PC unable to boot in Safe Mode (to run Spyware Doctor with AntiVirus) because when trying to do so, my keyboard locks. I have tried two different keyboards that both work fine under any other circumstance. Have also gone thru your forum about how to speed up PC and get rid of excess stuff, incl dust, but problem persists only on that one account. PC is really fast now!

DDS (Version 1.1.0) - NTFSx86
Run by Marielle at 10:30:23.93 on Mon 01/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2412 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k L...

A:antivirus 2009 and Trojan-Downloader.ConHook

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------


Hi, I am having a lot of problems with Norton popping up and saying that it has detected a virus on my computer but it can't repair the file. It says it is in C:\Windows\system32\dpnprf.dll. When it first found the file, there would be multiple pop-ups saying that different .tmp files were being created but Norton was deleting those. I updated my Norton and SpySweeper and ran scans, SpySweeper found it and said that it took care of it, but then it came back after about 15 mins. The only difference now is that the .tmp files are no longer being created. I just keep getting 2 pop-ups, one that says: Unable to repair this file and the other says: Access to the file was denied. Both messages cite the dpnprf.dll file. I downloaded ewido, updated it, then ran it in safe mode. It found 3 instances and I had it set to quarantine. Here is the log I was given afterwards:

--------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:56:15 AM 7/25/2006

+ Scan result:

C:\WINDOWS\system32\dpnprf.dll -> Downloader.ConHook.aa : No action taken.
[524] C:\WINDOWS\system32\dpnprf.dll -> Downloader.ConHook.aa : No action taken.
[620] C:\WINDOWS\system32\dpnprf.dll -> Downloader.ConHook.aa : No action taken.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Portal\5AE84F7C.TMP -> Downloader.ConHook.ab : No action taken.
C:\WINDOWS\system32\ssqrpol.dll ->...

A:Solved: Trojan Removal; Downloader-conhook, can anyone help?


I've been reading about this trojan and followed the advice downloading and installing ewido. Here are my ewido logs and the hijack this log. Can you tell me if I need to remove anything through hijack this? Also, I have the trojan in quarantine right now - I am afraid to remove it because it might come back - - is that right or can I delete it from quarantine. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 10:09:35 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusc...

A:Solved: trojan-downloader-conhook logs


Hello there i've just registered here as my title states i have a huge problem with Trojan Vundo is playing havoc when im using Internet explorer and generally slowing down my computer usage i've scanned with xsoftspy SE as well as Malewarebot deleted what was there but it keeps coming back any suggestions.
 


been using spyware dr which rids all the spyware and adware, but these stay here is my hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:32 AM, on 11/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files...

A:Trojan Downloader.conhook, .tiny.id, Virtumonde

Welcome to the BleepingComputer HijackThis Logs and Analysis forum tmichelled

My name is Richie and i'll be helping you to fix your problems.

Please download/install Avira Antivirus [Free]: http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart, open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed.
Click the "Report File" button, then copy and paste the report into your next reply once you've done below.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove...
