Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Q: Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

This is a business computer and it is very important that it runs properly, been having issues with it for a week now. I have tried running several anti-virus programs to no avail. Currently using Panda, but used some other free software like AVG etc.

Hoping you can help me, here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:36 PM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\GetModule\GetModule35.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\IFACE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060929
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xpiron.com/schedule/ehitc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060929
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [GetModule35] C:\Program Files\GetModule\GetModule35.exe
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Desk\Application Data\cogad\cogad.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Desk\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Desk\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Desk\Application Data\Microsoft\Windows\ynigfn.exe
O4 - HKCU\..\Run: [28761799928238382569624961992754] C:\Program Files\A360\av360.exe
O4 - Startup: Conexion Portal.lnk = C:\Program Files\Conexion\cnxPortal.exe
O4 - Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O20 - AppInit_DLLs: nrttkw.dll
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 6942 bytes

Thanks,
EHI Tennis Club

A: Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Hi,

"This is a business computer and it is very important that it runs properly"

Not sure if you're aware how severely infected this computer is.

Since you are posting a log from a company-owned computer... There are a few things that need attention first before we proceed with this.

* You must inform your supervisor immediately.
This is because:
Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.
If sensitive material is compromised by an infection, your company could be held liable.

* Your company must give permission for us to give you assistance.
This is because:
We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.
There may be sensitive material on your computer that your company would not want revealed in an open forum.

Also, since this is a computer used at work, the first thing I always advise is to back up important files you don't want to lose, since malware makes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

But, ESPECIALLY since this is a business computer and it's so severely infected, the only responsible action is a format and reinstall. This is because the malware you are currently dealing with (backdoors and rootkit included) already compromised and damaged your computer. It also collected important info such as passwords in the meantime as well. And if you want to clean this up manually, there's no guarantee that you can trust this computer again even though logs won't show anything anymore and scanners come up clean.

Plus, on top, malware damages a lot.

That's why most IT people who are taking care of business computers format and reinstall anyway, since that's actually the best and especially the safest solution.

Also, since this is a business computer, it's normal that backups are taken at least once a week, so I assume you have backups as well.

Anyway, let me know what you decide. If you want to deal with this manually, then I'll guide you (but don't expect miracles).


Mod Edit: Log split away from topic here http://www.bleepingcomputer.com/forums/t/144809/infected-by-something-wicked/

Deckard system scanner report is below. I was not able to load Kaspersky because my IE is too corrupted and I can't get enough space on my hard disk in time before whatever is on my computer partitions off the space. I have cleared about 1 Gig of new space on my computer but the computer still shows that it has less than 100 MB of space on it.

Deckard's System Scanner v20071014.68
Run by Paul Hanken on 2008-05-05 23:34:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
Failed to create restore point; disk is full.
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.01 GiB (less than 15%) free.

-- HijackThis (run as Paul Hanken.exe) ----------------------------------------
Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 23:38:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRSVC01A....

A: Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Hello 425Fool,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea


Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A: Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...


I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE

Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

Microsoft Security Essentials pops up during the scan with the following infection:

Trojan Downloader: Win32/Unruy.D
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here.

Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB

I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Phillips at 14:21:21.10 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]
AV: Microsoft Security Essentials *...

A: Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi,

My son downloaded a video codec & unwittingly installed a trojan popup (Trojan.Downloader.Codec.E?) which appears whenever you move around in windows explorer or open a new page in internet explorer. I have tried to get rid of it but failed and I would appreciate your help.

I have followed the preparation instructions and Bit Defender found a trojan it couldn't delete in msvidc32.dll. I am reluctant to try and remove this myself without your advice.

Below is the Bit Defender report followed by the Hijack This report

chrisss

Scanned File Status
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Infected with: Trojan.Downloader.Codec.E
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Disinfection failed
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\msvidc32.dll.bac_a03768=>(Quarantine-4) Deleted
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Infected with: Trojan.Downloader.Codec.E
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Disinfection failed
C:\Documents and Settings\Chris\Local Settings\Temp\G23D-tmp1i.exe Deleted
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf Detected with: Application.MWS
C:\WINDOWS\Downloaded Program Files...

A: System Error! Your Computer Was Infected By An Unknown Trojan (trojan.downloader.codec.e?)

Hello chrisss,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry key...


Here is my HiJack This log..I need help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:54 AM, on 7/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\...

A: Trojan Downloader.purity.y Trojan, Downloader Generic 7.zkr And Someother Variations

Hello Anne Arp and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...


HELLO, this is my first time posting at your site but I have followed your responses to others while researching software and problems on the google search page. Your answers and instructions have been of great use and help to me.

Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my Avg Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found several items, mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections.

I have included the report with my HiJack log. I had a problem running a panda scan until I noticed a registry cleaner was blocking me from loading the active x program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:23 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\...

A: Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

******************

We are going to dig deeper, and that will require us to run some additional scans.
You will need to use Internet Explorer for this scan. D...


I was infected with Virtumonde because I had the pop-up window saying I was infected with the one virus that it says and then leading you to another site with a virus scan, but I got rid of those I think. The problem that I am having is something is changing my programs so they do not work, like Lava soft Ad-aware: when I tried starting it the computer would restart on its own and do it every time I tried starting it. I ran VundoFix and that seemed to fix most of my problems but when I ran SpySweeper it still says that I have a Trojan-Downloader-Conhook, Adware Zeno search assistant, enbrowser, sidebyside search and a spycookie Aff6007 cookie.

My internet is still acting funny, like when I try to play games on Pogo it says "Applet(s) in this HTML page requires a version of Java different from the one the browser is currently using. In order to run the Applet(s) in the HTML page, a new browser session is required. Close all the Netscape browser sessions and start a new browser section to run the HTML page", which never came up before I had these Trojans.

Why did McAfee Internet Security stop these problems? Every time I run my virus scan it says I am clean, as well as spybot and ad-aware. The only one that says I have a problem is SpySweeper. Any suggestions would be greatly appreciated, sorry if I sound a little confused on what the problem is but I am tired of trying to figure this out, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 7:31:48 PM, on 4/9/2006
Pla...

A: Infected With Trojan-downloader-conhook, Trojan.linun, And Trojan.virtumod

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.


Hi Mike !

Don't know what happened!! My windows starts normally; after selecting the user, it displays 'loading personal settings'. After that I get an error 'userint.exe application error'. Reference memory problem. Then it shows my desktop without any Task bar/Status bar and all the icons on my desktop are not displayed. I am accessing the explorer through Task manager using Ctrl+Alt+Del.

Let me know whether this is a virus infection or some problem with the windows registry.
thanks
clement

A: Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BC

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj...


I have done all the preparatory actions. AVG Antispyware tells me I am infected with Trojan.Small.fb but cannot remove it. Spy Doctor scan shows Trojan.Downloader.Ruins and Trojan. DNS Changer.

Here is my HijackThis log.

Can anyone help please?

Logfile of HijackThis v1.99.1
Scan saved at 14:49:22, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLSer...

A:Infected With Trojan.small.fb, Trojan.downloader.ruins, Trojan.dns Changer

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout
http://downloads.subratam.org/Fixwareout.exe
or
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

Fix these with HJT - mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{05F2BA51-171A-4B1D-AE5F-B8515E38E241}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8269A184-3C5F-41F7-A7E9-581E273A2475}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0DCAED8-AC99-4371-811A-DDA8BF12F7D8}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6801D5-625E-482E-AA33-1FD2EB1B2544}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{05...


DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ...

A:Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.


DDS (Ver_09-05-14.01) - NTFSx86
Run by gus at 0:50:16.98 on Thu 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\...

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...


I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malwarebytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not use to be there. I am getting a number of random error messages, and Malwarebytes is sometimes deleted and I have to reinstall it. Also, random .tmp files seem to pop up. Thanks in advance for any help you can provide.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jordan at 1:53:18.65 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program File...

A:Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...


Hi all!

I have/had been infected with the Win 32 Generic Trojan Downloader V8 as discovered initially by AVG. I cleaned this but have been warned later for other infected files (several names) every time I reboot. Windows defender has identified these infected files, as well as AVG, and cleaned them. I am also seeing that web browsing is slow and several web pages are blocked in IE and Firefox (antivirus and security related pages). The good news is bleeping computer is not blocked.

I have since installed Spy Bot S&D, HJT and MAM, but they don't seem to detect anything. AVG finds infections on reboot occasionally. I'm also having trouble updating my anti virus, MAM and Windows Defender.

Please help. How do I restore full web navigation and kill the trojan downloader?
DDS (Ver_09-06-26.01) - NTFSx86
Run by GLADYS LOMBANA at 12:43:16.30 on Thu 07/16/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1394 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k...

A:Infected with Win 32 Generic Trojan Downloader V8

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi, I am new to the site, so I am not sure exactly what I need to post in regards to my question. I have AVG (free version) and within the past day, it continually pops up with "Threat Detected" while opening file....the most current file it displays is C:\WINDOWS\tk58.exe Trojan horse Generic3.UNS. I heal it each time, but it keeps happening more and more frequently. Also, I am getting an abundance of pop-ups every time I turn the computer on, even if Firefox and IE are closed. Please help! I have had this computer over 2 years and never had a problem, so this is very frustrating

Computer is a Dell Dimension E510 running Windows XP
Model Dell DM051
X86-based
x86 Family 15 Model 4 Stepping 4 GenuineIntel ~2793 Mhz

Please help, and let me know what additional info you need.

Thank you so much!
Jenny
 


Hi, we have McAfee running on our computer and about 3 days ago it started showing warnings about pc infected with this trojan. My attempts of cleaning pc from this trojan have all failed.
I have read all the stickies, installed and run the recommended antispyware programs. They have detected other infected files, cleaned those and here I am after all this cleaning, still getting the warning about the generic downloader.
Thanks much in advance for the help!

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:36:21 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.co...

A:Trojan found - xlibgfl254.dll infected by Generic Downloader.bt

Hi megan,

Welcome to Tech Support Forum!

I apologize for the delay in getting to your log. The helpers here are all volunteers and are not online 24-hours a day. If you are still having malware problems I will be glad to help.

OK, let's do this first.

Please download CCleaner (freeware) and save it to your desktop:
Run the CCleaner installer.
During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
Once installed, run CCleaner and click the Windows tab.
Select the following:
Check everything under the Internet Explorer section.
Check everything under the Windows Explorer section.
Check everything under the System section.
Check ONLY Old Prefetch data under the Advanced section.

Then, click the Applications tab:
UNCHECK everything there.

Next, click the Options button, then click the Advanced button:
UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".

Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION : Please do NOT use the Issues button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.


NEXT:

Let's run an online scan to make sure we're not leaving anything behind.

Please do an online scan with Kaspersky Online Scanner:
Click on Kaspersky Online Scanner.
You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin dow...


I am infected with Trojan-Downloader.murlo and Trojan.Generic. I use PC Tools Spyware Dr. with Antivirus and I have run ComboFix and Malwarebytes. I have tried deleting all but the latest restore point and running all antivirus and anti-malware programs in safe mode. Eventually my scans were clean, but the trojans keep coming back. How do I eliminate them for good?

A:Trojan-Downloader.murlo & Trojan.Generic

If you are dealing with a malware infection, please be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary. As such, ComboFix should not be used without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem.

Since you already ran Combofix, its log should be thoroughly reviewed by experts who have been trained to decipher them before proceeding. ComboFix should have saved that log to the root directory, usually C:\ComboFix.txt. Please follow the instructions in the "Preparation Guide For Requesting Help" starting at Step 6. When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the Malware Response Team Experts.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.


I have a similar problem with the above trojan as another poster on this forum. I followed the advice given to that poster and ran ATF Cleaner and Activescan. I still show three spyware programs. Here is my most recent logfile. Appreciate any help you can give me!!

Logfile of HijackThis v1.99.1
Scan saved at 7:58:36 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apex\ApexAgnt.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINDOWS\system32\INTELMAA\ccmhlp32.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\INTELMAA\ccmhelpr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\PROGRA~1\Intel\INSTAN~1\issuser.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Intel Learning Network\Mobile Player\Bin\MBLPService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Inte...

A:Another computer with Generic Downloader.g Trojan

Do you have the Activescan results?
 


I am running Microsoft Security Essentials, Malwarebytes' Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by akparker at 19:54:02 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1066 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e...

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Malwarebytes detected the Happili trojan today and asked that I reboot. I did but am still getting redirected in Google searches. I also scanned with AVG and it detected "Trojan Horse Generic 28.AFXS". There may be some other trojans also as this is the 4th trojan issue I have had with this computer since Nov 2011. I paid a pc service firm to fix the issues back in November. I then got another infection in January and April that I believed I fixed on my own. I can post some of those trojan names if needed by going back to the old logs. I attempted to fix this issue on my own today by running TDSS Killer and Trojan Remover from simply super software. This product was installed when I paid to have it fixed in November but I am still getting redirects. These issues just began about 3 days ago. I also noticed the PC repair firm that fixed the first issue used the Combo-fix program as there is still a Qoobox folder in the C drive's root directory. However they must have uninstalled the combo fix program itself. I will also need to know how to remove the Qoobox folder. My log and attachment are as follows:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Aaron at 23:32:36 on 2012-06-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2276 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17...

A:Infected with Happili trojan / Google Redirect & Generic 28.AFXS Trojan

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes:

I have been infected with multiple trojans and malware, including:
Trojan.TDSS
Trojan.Vundo.H
Trojan.Virtumonde
Trojan.Vundo
Generic!artemis
Trojan.FakeAlert
Trojan.Seneka
Malware.Trace
Trojan.Agent
Spyware.OnlineGames
and most recently: generic!artemis

I have used multiple scanner programs: Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus 10.0.0.359, and Lavasoft Adware 2007 AND 2008. I uninstalled Symantec Norton Anti-virus Corporate, and installed AVG, and ran it in safemode, and it had a ton of virus that it detected. I then removed AVG after it was done, and reinstalled Symantec Norton Corporate Anti-virus.

I also used Vundofix to rid myself of the Vundo.

I think I have finally gotten rid of vundo (I pray I did...really NASTY virus), and most of the other virii, but I just recently (for safety sake) scanned my pc using McAfee Stinger, and I have the generic!artemis virus. I have no idea the damage that has been done to my pc, but It is running terrible, and My anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan, as it hangs up.

When I was infected with the Vundo Virus, It screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it, and they had me run FixVundo.exe, VundoFix.exe, and WinsockXPfix v1.01.exe

I have dow...

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

I don't mean to bump, but am I in the correct section to be posting this?


I get the following Messages from AVG's Resident Shield:
Threat detected! Trojan horse SHeur2.BXNY detected on open <--this happens on different files
Threat detected! Trojan horse Generic15.CIFI detected on open <--this has only happened on one file so far luckily

I do the AVG computer scan, it detects the trojans and says it heals all infections but then it starts coming back again. I've also tried using Spybot and have the same thing happen there too. What seems to be happening is that it keeps creating files. It creates them like this.
C:\Windows\temp\*.tmp\svchost.exe
(* tends to be 4 random letters)
I've gone in and deleted everything in my temp folder, done the scans and been told the computer is clean, and then about five minutes later, I get a message saying it's started spawning them again. I've been trying to stay on top of emptying out my temp folder while it's doing this though because in the course of 10 minutes it'll spawn like 25 of these files.
---------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Robyn at 22:44:57.46 on 09/12/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3068.1641 [GMT 0:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP:...

A:Infected with Trojan SHeur2.BXNY and Trojan Generic 15.CIFI

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy


MY ORIGINAL POST IS IN THE WRONG SECTION. I APOLOGIZE!

My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes:

I have been infected with multiple trojans and malware, including:
Trojan.TDSS
Trojan.Vundo.H
Trojan.Virtumonde
Trojan.Vundo
Generic!artemis
Trojan.FakeAlert
Trojan.Seneka
Malware.Trace
Trojan.Agent
Spyware.OnlineGames
and most recently: generic!artemis

I have used multiple scanner programs: Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus 10.0.0.359, and Lavasoft Adware 2007 AND 2008. I uninstalled Symantec Norton Anti-virus Corporate, and installed AVG, and ran it in safemode, and it had a ton of virus that it detected. I then removed AVG after it was done, and reinstalled Symantec Norton Corporate Anti-virus.

I also used Vundofix to rid myself of the Vundo.

I think I have finally gotten rid of vundo (I pray I did...really NASTY virus), and most of the other virii, but I just recently (for safety sake) scanned my pc using McAfee Stinger, and I have the generic!artemis virus. I have no idea the damage that has been done to my pc, but It is running terrible, and My anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan, as it hangs up.

When I was infected with the Vundo Virus, It screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it, and they had me run Fix...

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

Actually it is in the correct forum for HJT logs. I will close this thread and leave the other one intact.


I would greatly appreciate any help I can get with this. Norton 360 has informed me my computer is infected with Trojan.Zeroaccess!inf4, Trojan.Gen, Packed.Generic.382 and also Trojan.Webkit!html
I realized the seriousness of it when any browser I was using would freeze when I'd attempt to login to online banking. Thankfully my bank noticed something was happening too and shut down the online banking before any $ damage was done. No more online banking till this gets fixed
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 1.6.0_31
Run by Owner at 22:30:05 on 2013-02-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.6143.1974 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe ...

A:Infected with Trojan.Zeroaccess!inf4, Trojan.Gen, Packed.Generic.382 + 1 more

Hello ddr12

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your...


Hello,

I've read most of the manuals here, and tried my best to scan and recover my PC. The problem is, since I got infected by those trojans, I cannot use my antivirus/antispyware programs. They are instantly closed as I open them, so I can't use AVG, HijackThis, and others. I'm not able to open websites that are connected to antivirus programs, with some exceptions.

Though I can't download and install them on my PC, even in safe mode, I managed to scan the PC online using Panda Active Scan and Bit Defender. Those have found hundreds of trojans and spyware on my computer. I have also used Search & Destroy (with little effect) and AdAware, but they weren't as effective as Panda and Bit Defender.

Although they have deleted quite a few, I still can't access AVG, HijackThis, and certain websites, including some of the forums here like HijackThis Log Analysis (typical AVkiller.C work...). I'm writing this post from another computer, since I cannot enter the forum from mine.

Please advise me on how to clean my computer, and get rid once and for all of those pests. I've added some examples of the viruses found during the scan (some could not be deleted):

Panda's Active Scan found:
Virus:Trj/Downloader.MOW Disinfected C:\WINDOWS\system32\bxjoqoiabbjn.dll

Bit Defender has discovered, but could not clean:
C:\WINDOWS\system32\vpxyofsugazx.dll
Suspected of: BehavesLike:Trojan.WinlogonHook
C:\WINDOWS\system32\vpxyofsugazx.dll
Disinfection failed
C:\...

A:Infected By Trojan-downloader.win32.delf.pa (trojan.stwoyle), Avkiller.c And More

I was directed to this forum by fozzie:

You have a nasty infection on hand: Trojan-Downloader.Win32.Delf.pa (Trojan.Stwoyle). You will not be able to run HiJackThis unless a special tool will be utilised. Please post the Panda report in the HiJackThis forum here and they will help you. This is a sophisticated tool which needs expertise.

What is this tool he is speaking of, and how can I utilise it? Thank you for your time.


I've spent the last week or so trying to get all these (Trojan.Vundo, Trojan.Nebular, Adware.Purityscan, Infostealer.Ldpinch, Downloader) off my computer. I should tell you that I know next to nothing when it comes to computers and I'm terrible in a crisis situation, but honestly I think I've tried just about everything from the Symantec website.

So today I decided to try it here at BleepingComputer.com. So I followed everything in the Preparation Guide for the site. Rebooted... and Symantec Auto-Protect popped up to warn about Trojan.Vundo, Trojan.Nebular and Downloader. I ran VundoFix.exe. Deleted all that was to be deleted. Restarted. Ran VundoFix.exe until it said it was clean. Then the Auto-Protect pops up to say that it detected Downloader. I turned off my Wireless Internet Connection. (By the way, the Firewall baffles me. I don't know what to say no to and what to say yes to). Ran Spybot, Ad-Aware and deleted everything they found. Ran Stinger until it was clean (twice). Turned back on my Wireless Connection to log on to this website. Opened Firefox. MSN and Yahoo messenger opens (See, I'm about 70% sure that it's IE that's the catalyst. If I just stick to Firefox everything is fine for a good while) and the Auto-Protect starts popping up to warn about Downloader, every five seconds (far more than it has been doing for the past week, but it's just that one and not the 'trojans'). I restarted the comp again (everything calm now), did the HijackThis and here I am! If I m...

A:Infected With: Trojan.vundo, Trojan.nebular, Adware.purityscan, Infostealer.ldpinch, Downloader

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, AngelSpirit.

My name is Richie and I'll be helping you to fix your problems.

Please download Combofix and save to your desktop.
Note: It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.


Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, vid card, sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bells that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran Ad-Aware, Spybot S&D, Bit Defender, McAfee Stinger, updated the OS and installed HijackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ...

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.


All -

Thanks in advance for your help.

Some background. Last Wednesday, I hit a website from a Google search and got a suspicious message to launch an anti-virus program that I didn't recognize. I tried to run an anti-virus program I own (I think it was Webroot Spysweeper), but it froze after an hour, and everything on the system slowed to a crawl.

Guessing that I was seriously infected, I immediately used restart to shut down the computer and reboot to my D partition that has a different installation of Windows so that I could take a look and run some anti-virus and anti-malware programs. I had to shut down processes because the system was not allowing me to shut down Spysweeper.

I ran AdAware and MalwareBytes, which produced the logs farther below (shown after the requested DDS logs). Since two of the messages indicating removal of an infection mention Spysweeper, I wonder if it didn't infect that program while it was running.

Since I've been through something a bit like this in 2007 and worked with Bleeping Computer to resolve it, I did as instructed in the Preparation Guide, but also ran several existing apps, like:

Anti-virus -
Avast
Malware Bytes
Spysweeper
AdAware
SuperAntiSpyware

Misc -
ADS Spy v.1.11
TDSSKiller
RKILL
GMER
HijackThis

IMPORTANT - I THINK WHAT MIGHT BE CAUSING MY SYSTEM SLOWNESS NOW (WINDOWS PAINTING IN A JAGGED FASHION AS I MOVE THEM AND SCREENS REDRAWING VERY SLOWLY AS I PAGE DOWN IN APPS AND BROWSERS) IS THE FACT THAT TDSSKILLER DELETED ONE OF MY NVIDIA D...

A:Am I still infected with Trojan-Downloader.Win32.Lukicsel.A or another trojan, or is system slowness due to loss of video card...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...


Windows keep popping up, all my security programs cannot run, I cannot install Windows Defender, and the computer is much slower (and constantly stating that spyware has been detected). Below, I have pasted the log and info text file generated from the RSIT program. Thank you for all your help!!!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Narda at 2008-11-29 16:46:41
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (44%) free of 14 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:27 PM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files ...

A:Infected with Trojan.Win32/Trojan-Downloader/not-a-virus.AdWare

Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.

Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open o...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:44 AM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files...

A:Infected With Trojan Program Trojan-downloader.win32.tiny.id

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Conan Edogawa.

My name is Richie and I'll be helping you to fix your problems.

*NOTE* If you have previously downloaded ComboFix, please delete that version and download it again from below.

Download Combofix and save to your desktop.
Note: It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.


Hi guys,

I ran a rogue executable sent to me by a friend and knew immediately that something was awry.

SYMPTOMS
- Computer bogged down immediately and I saw I was infected with the Nmehaa.exe process (which I ended).
- Received repeated warnings that Spoolsv.exe was trying to access secure files (selected no)
- Received repeated warning that Internet Explorer wasn't executing script properly and prompted to continue running script. I don't use IE, just Firefox. I selected no repeatedly, then accidentally hit yes, which resulted in my Google links being hijacked and sending me to shopping pages within Firefox.
- could not run Malwarebytes Anti-Malware OR Superantispyware free
- my wireless zero configuration continually turns itself off, meaning wireless network access is nearly impossible
- PC doesn't recognize a plugged in ethernet cable
- my taskbar at bottom has messed up colors (I run a black theme and the taskbar is now black with gray sections)

ACTIONS
- disabled wireless network card
- ran AVG anti-virus in standard mode, which gave a false negative and didn't remove any infection
- attempted system restore several times, to no effect
- found and followed the preparation guide here on bleepingcomputer.com (DDS and GMER files are attached)
- After following guide, I took one more stab at a solution: I downloaded the latest versions of Superantispyware and Malwarebytes and their latest definitions, transferred them to the PC via USB, and ran them in safe mode after t...

A:Infected with Malware.Trace, Trojan.Agent, Trojan.Downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa...


My computer is being redirected when I click on one of my searches on google to advertising companies and when I try to delete the viruses I have on my AVG it won't allow me to open my virus vault. I have windows xp. It won't allow me to open spywall, spybot or other antispyware. AVG said I have trojan horse downloader. zlob.AOKR, tracking cookie. Yadro, tracking cookie. 207, tracking cookie.Revsc.

I downloaded HJT many times and the first time is started scanning and stopped in the middle and when I tried to open it doesn't allow me to open.

I started a scan with an antivirus called paretologic on all of my computer and it took over 2 hrs so I stopped it in the middle as I need to use my computer as I use it for business. It picked up a whole bunch of other viruses and trojans during that time. Only the scan is free and I am unable to retrieve the history of the scan so I can't post the viruses.

On top of all this my computer has been really slow for months and also takes about 10-15 min to fully reboot. Lately, it freezes almost everyday at least once. I am relatively new at this and am not familiar with posting registers or history or the components of my computer and am not sure what that is so please be patient.

I am in desperate need of help as I use my computer for my business.
Thanks
 

A:Infected with trojan downloader zlob, other trojan, freezing and very slugish etc..


My computer is infected with a virus. I have used combofix.exe to fix it but still cannot.
My computer is infected with Trojan program Trojan-Downloader.Win32 Genome.skj which is detected by Kaspersky 2009.
I thought the infected file was nothing, then I opened it in a safe run shared folder, and then my computer was infected with the virus.

After my computer was infected:
Even when no program is running the CPU usage is more than 10%.
svchost.exe is running under the user name of bryan (not system or local service).
When I end the process, after a few seconds it comes back automatically.
Or when I go online and try to end the process svchost.exe (username bryan) my network usage goes back to zero.
I did not download anything or surf the web, and when svchost.exe starts (username bryan) the network usage goes up (usage is around 0.11%). Plus IEXPLORE.EXE is running even though I did not open Internet Explorer.
I have run a full scan with Kaspersky Internet Security 20009 and the databases are up to date, but it is unable to detect it.

The virus was downloaded in: (http://server37.cn/crack/crack411.exe) (File size:11.5kb)
Can anyone tell me how to fix it? And what does this virus do?

A:Infected with Trojan program Trojan-Downloader.Win32 Genome.skj

Welcome to BC

You have a rootkit infection.

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report for me to review.
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------
Go to > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.


My computer is being redirected when I click on one of my searches on google to advertising companies and when I try to delete the viruses I have on my AVG it won't allow me to open my virus vault. I have windows xp. It won't allow me to open spywall, spybot or other antispyware. AVG said I have trojan horse downloader. zlob.AOKR, tracking cookie. Yadro, tracking cookie. 207, tracking cookie.Revsc. I started a scan with an antivirus called paretologic on all of my computer and it took over 2 hrs so I stopped it in the middle as I need to use my computer as I use it for business. It picked up a whole bunch of other viruses and trojans during that time. Only the scan is free and I am unable to retrieve the history of the scan so I can't post the viruses.

On top of all this my computer has been really slow for months and also takes about 10-15 min to fully reboot. Lately, it freezes almost everyday at least once. I am relatively new at this and am not familiar with posting registers or history or the components of my computer and am not sure what that is so please be patient.

I am in desperate need of help as I use my computer for my business.
Thanks
 

A:Infected with trojan downloader zlob, other trojan, freezing and very slugish etc..

The General Security forum is only for general questions regarding security software and things of that nature but not for actually removing malware as we have qualified helpers who are the only members who are authorized to assist with those matters. You can easily identify them as they have either a gold or blue shield beside their usernames. Please refer to this excerpt from the rules:

http://www.techguy.org/rules.html

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. If you'd like to participate in a training program, please contact a Moderator or see this article.

I'm going to close this thread and ask you to repost in the Malware Removal & HijackThis Logs forum for the proper assistance.
 


I have had my anti-virus (Avast) continuously pop up saying I have a trojan. I delete it and then run XoftSpy SE; it also detects vundo and winfixer and downloader- New Juan/VM. I have also run SuperAntiSpyware. It also tries to remove it all to find out it is still on there. I have also run Stinger, it found nothing. I am running Windows XP. Also when I do this, there are 2 others who also have different user names on it, do I need to access each user and repeat the process for each user? Sorry, not sure of these things. I have also experienced continuous popups wanting me to download spyware antiviruses, and to try and get rid of these is a real pain because they just keep popping up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:12 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C: ...

A:Infected With Trojan Winfixer,trojan Downloader-new Juan/vm, And Vundo

Hi,

* Download ComboFix from here. **Save it to your desktop**

In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

* Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


Hi there :

heres my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:07, on 06/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\syste...

A:Infected with Trojan.Adclicker.HB & trojan generic 826214

bump


Hi Guys,

I've had a virus on my computer for 2 months now but can't remove it. Norton says it's trojan.cachecachekit and AVG says it's trojan horse Generic.GM. I've done scans with Panda, AVG, Ewido, Stinger, Spybot, Ad-Aware SE, CCleaner in both safe mode and normal mode but nothing seems to work. It SEEMS once the system boots up it re-installs itself. The popups are so bad I can't even work on the computer. If I wanna work then I need to disable my anti-virus shield. My laptop is a dual boot system (win 2000 pro and win xp). So far I only see problem with win 2000. Win XP seems to be fine. I have a wireless network at home but this virus was caught while I was away from home. I have tried suggestions from other forums and Symantec but so far nothing has worked. Now either it's re-formatting the HD or you guys. Pleaaaaaaaaaase don't make me re-format my HD. Thanks for all your help in advance.

Here is the most recent Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:40 AM, on 12/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PRO...

A:Infected With Trojan.cachecachekit / Trojan Horse Generic.gm

Fix these with HJT - mark them, close IE, click fix checked

O4 - HKLM\..\Run: [Microsoft IIS] D:\WINNT\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Autowxckn] autowxckn.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Autowxckn] autowxckn.exe
O4 - HKCU\..\Run: [Microsoft Windows Autowxckn] autowxckn.exe
O23 - Service: File copy caching service (cpy) - Unknown owner - D:\WINNT\cpy.exe
O23 - Service: Mod Libary (modlb) - Unknown owner - D:\WINNT\modlb.exe (file missing)

=================

Click Start > Run > and type in:
services.msc
Click OK.
In the services window find File copy caching service
Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
Repeat for - Mod Libary

=============

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for c...


Hi. Thanks in advance for the time.

McAfee AV has been showing me this message since yesterday:

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Generic.dx!peb (Trojan), Generic.dx!peb (Trojan)
Location: C:\WINDOWS\TEMP\eorh.tmp\svchost.exe

The eorh.tmp is just an example. The path will always be like: C:\WINDOWS\TEMP\xxxx.tmp\svchost.exe

Now it has added another trojan:

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Artemis!21CF83958DC7 (Trojan), Artemis!21CF83958DC7 (Trojan)
Location: C:\WINDOWS\TEMP\hsuy.tmp\svchost.exe

This keeps appearing in like 10 minute intervals.

Here goes the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by mmondeja at 10:45:34,10 on 25-03-2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.56.3082.18.2015.769 [GMT -3:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\Ati2evxx.exe
C:&...

A: Infected with Generic.dx!peb (Trojan) and Artemis!21CF83958DC7 (Trojan)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello,

I first noticed a problem with printing on about 12 July. The print job hangs in the spooler after printing. Canon support says the printer is working fine. Norton Internet Security didn't find anything in a full system scan.

Then I found this site!!!

My OS is Windows XP

I followed the recommendations outlined in the Preparations posting...

Here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 29, 2008 19:51:46
Records in database: 1023975
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\ C:\ D:\ F:\ H:\ I:\ J:\ K:\ L:\ M:\

Scan statistics:
Files scanned: 102220
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:14:47

File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\121567F3.exe Infected: Trojan.Win32.Zapchast 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6698348B...

A: Infected: Trojan.win32.pakes.jxe And Trojan-downloader.bat.ftp.ab

Please disregard the earlier posting. I have resolved the virus issues.

Thank you,

GeeTeePee


Hi,

My partner's laptop is infected with a pretty nasty virus (and she gave me the job of fixing it!).

The virus killed the internet connection (but I managed to figure out how to get the internet back), disabled Norton anti-virus and generally slows down the whole machine. The virus seems to prevent me from restarting into Windows safe mode. Various tools don't run - for instance, I could not run DrCureIt or even Kaspersky online scan.

I've been moved to this forum from the 'Am I infected? What do I do?' forum. For a full report of the problem, and the steps taken so far, please see:
http://www.bleepingcomputer.com/forums/t/228965/infected-with-trojandownloader-trojanagent-bagle/

I'm posting a DDS log as in the instructions.

Thanks in advance for all your help!

Cheers,
Karol.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Eczka at 12:48:08.06 on Tue 26/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.82 [GMT 10:00]

AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\ACS.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\...

A: Infected with Trojan.Downloader / Trojan.Agent / Bagle

Hello KarolF, and to Bleeping Computer Forums, My Nick is Net_Surfer I'll be glad to help you with your computer problems.

I will be working on your Malware issues, this may or may not solve other issues you may have with your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the AddReply button in the lower right hand corner of your screen. Do not start a new topic.
2. The lo...


Hi! My system has been infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP viruses. These were identified by Spyware Doctor; after identifying them Spyware Doctor prompts me to reboot the system so that they can be removed. But once the system is started again, they are there. Again Spyware Doctor identifies them and tries to fix them, again asking to reboot the system. This keeps on going but the viruses are still there. The Trojan.Virtumonde virus is associated with the basesr.dll file in System32 folder. The basesr.dll file description shows - Alcohol 120%, Company-Alcohol Soft Development Team

Due to this

I am receiving a lot of unusual pop-up screens.
Internet Explorer is redirecting to different web pages instead of the expected page.
Internet Explorer takes a lot of time to load a page.
CPU usage seems to be at 100%.
Unknown processes are executing in Windows Task Manager.

Please resolve the same for me. Let me know for anything.

DDS.txt details:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Clement at 18:20:15.82 on Mon 05/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1348 [GMT -4:00]

AV: Prevx 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\...

A: Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP

Hello mercyman,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


A couple days ago, I got infected by a trojan.vundo (I think). Now all these pop ups and misleading applications appear randomly, even if I have my pop up blocker on and the windows firewall. My symantec norton anti virus blocked and managed to get rid of it but in the end, the virus, bug, or whatever it is keeps on coming back. And after I scanned my computer, the pop ups still appear (not sure if they are even pop ups since the "advertisement" opens up on another internet explorer browser). I'm beginning to have trouble loading websites and such, even though my internet is working fine; I'm having trouble posting here and loading the page too =\

Any help would be appreciated. Thanks.

Deckard's System Scanner v20071014.68
Run by admin on 2008-04-24 16:58:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
61: 2008-04-24 23:59:01 UTC - RP351 - Deckard's System Scanner Restore Point
60: 2008-04-24 04:43:44 UTC - RP350 - Last known good configuration
59: 2008-04-24 04:43:38 UTC - RP349 - Removed Adobe Photoshop CS2
58: 2008-04-24 04:43:38 UTC - RP348 - Last known good configuration
57: 2008-04-24 04:43:38 UTC - RP347 - Last known good configuration

-- First Restore Point --
1: 2008-04-24 04:43:35 UTC - RP291 - System Checkpoint

Backed up registry...

A: Infected By Downloader/trojan.metajuan/trojan.vundo

Hi,

Please uninstall MyWebSearch via software > add & remove programs.
Reboot afterwards.

After reboot,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


My laptop became infected today with a Trojan that AVG Antivirus described as Trojan Downloader.zlob and Trojan Clicker.VBE. The trojan caused the PC to crash and reboot after it first appeared, added two porn web site shortcuts to my desktop, and made both IE and Firefox begin popping up a website for "AntiVirus 2009", which I learned from a quick search via my desktop (which is not networked to the laptop) was some sort of scam. The malware also did something that kept me from accessing this web site, the site for Ad Aware, and several other web sites related to Malware removal.

I ran a full scan with AVG and it found several files which it quarantined, including "prrunnet.exe" and "msiconf.exe". After that, I cleared all caches and temporary internet files for both browsers, but the pop-ups continued. I then ran Malwarebytes' Anti-Malware and that found and removed 16 additional files. I then rebooted and the pop-ups and web site blocking are gone.

I'm still having an issue with the "DCOM Server Process Launcher" crashing, which forces the computer to reboot. I'm also not sure all the malware has been removed, so I'm hoping someone can take a look at my DDS logs. Here is my DDS.txt report, and the Attach.txt file is attached.

Thank you in advance.

* * * * * * * * * *

DDS (Version 1.1.0) - NTFSx86
Run by Patrick Toman at 21:57:58.67 on Fri 01/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Ho...

A: Infected with Trojan Downloader.zlob, Trojan Clicker.VSE

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection

Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled.

Since AVG is outdated, please uninstall it using Add/Remove Programs. Reboot after the uninstall.

Download and Run ComboFix

If you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).

Download Combofix by sUBs from any of the links below, and save it to your desktop.

Link 1, Link 2, Link 3

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.

Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.

If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is f...


Hi, I had run several anti virus and spyware removal programs such as the spyware doctor, the f-secure anti virus and the microsoft security scanner, to remove the above trojan horses to no avail. All the programs were able to detect the malwares but even after applying their solutions, the malwares will appear again even after an immediate rescan of the system. The Trojan.virtumode seems to be removed after I used a program called VundoFix, but I'm not really sure.. so I included it in the topic title just in case. Below is my log file obtained using hijackthis. My exams are a few days away and I really need my com to be working properly and free from irritation to be able to study. Your help will be greatly appreciated!! THANKS!!

By the way, I did try disabling system restore and do all the scans again. But it just doesn't work! Please Please Please Help THANKS!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:14 AM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\...

A: Infected With Trojan-downloader.conhook And Trojan.virtumode

Please do the following:

Download ComboFix
Save to the Desktop. <<<Important!!

Now, go to Start > Run, and copy/paste the following single line command in the Open box:

"%userprofile%\desktop\combofix.exe" /killall

Example:

Click: OK

Follow the prompts. Then type 1 and press Enter to begin the scan.
Do not mouse-click the ComboFix window while it runs. It may cause it to stall.
When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.
~~~~

Please provide the contents of the ComboFix log, and the new HijackThis log in your reply.


I ran a few anti-spyware programs to check my computer out as it was acting a little weird and got alerted to:

Trojan-Spy.Zbot
Trojan-Downloader.Tiny.ID

And can't figure out how to remove them.

What was causing my concern was the Internet Explorer .exe file not being removed from my processes after I closed it down, and I was also having problems where I couldn't open up any more windows or right-click and pull up any menus.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Scott at 14:02:19.54 on Fri 01/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Disabled:{145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - No File
BHO: Disabled:{206E52E0-D52E-11D4-AD54-0000E86C26F6} - No File
BHO: ReadMe-BHODemon - No File
BHO: Disabled:{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
BHO: Disabled:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: Disabled:{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Disabled:{7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Disabled:{C451C08A-EC37-45DF-AAAD-18B51AB5E837} - No File
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: : {206e52e0-d52e-11d4-ad54-0000e86c26f6...

A: Infected with Trojan-Spy.Zbot, Trojan-Downloader.Tiny.ID

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc...


Hi,

My partner's laptop is infected with a pretty nasty virus (and she gave me the job of fixing it!).

The virus killed the internet connection, disabled Norton anti-virus and generally slows down the whole machine.

I already ran malwarebytes anti-malware, which found the following:
Trojan.Downloader
Trojan.Agent
Trojan.Spammer
Rootkit.Bagle

Malwarebytes tried to remove the infected files but the virus just returns on reboot.

I also ran hijackthis. I can post both the logs if requested.

Thanks in advance for any help!

Cheers,
Karol.

A: Infected with Trojan.Downloader / Trojan.Agent / Bagle

Hi Karol and welcome to BC. Let's do a few tasks.

If you are using a wireless router, please reset it and make sure it is set to automatically obtain a DNS address. Routers vary, so you may have to reference your manual. If you do not have a manual, please let us know what the model and make of your router is. Also, please make sure you place an administrator password on your router. Don't forget to write this information down = you may need it 6 months from now

Please rerun Malwarebytes using these instructions:

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note:
-- If MBAM encounters a file that is dif...
