Anti Virus/trojan, Anti Virus Xp 2008 / Trojan Horse Downloader.fraudload.p

Q: Anti Virus/trojan, Anti Virus Xp 2008 / Trojan Horse Downloader.fraudload.p

This is my first post on this site, and I turn to you in desperation!

I'm not sure if I have two problems, or one problem manifesting itself in two different ways, which is why I have combined this post.

I have somehow gained a programme named "Antivirus 2008" which is constantly warning me that I have 688 viruses on my computer. When this initially started, I ran my free copy of AVG. This warned me of the presence of Trojan Horses, but it was unable to remove them. The full version of AVG would, I was assured, sort the problem. In a moment of madness, I then purchased the full AVG8 programme.

On running AVG8 it informed me of the presence of a huge number of trojan horses, and offered to heal them. I accepted that option, and was informed that the trojans had been healed (or maybe it was removed/sent to the vault - to be honest, I'm getting a bit punch drunk now, and I'm not really sure)

Following this, AVG "Resident Shield Alerts" keep popping up every 15-20 seconds warning me of more Trojan horses. When I click "Remove Threats" or "Heal", sometimes I get a warning reply "Some files could not be found." Sometimes I don't. Either way, it doesn't make any difference - the next warning pops up about 20 seconds later. This is true whether I tick the "power user" box, or not.

The exact details given by AVG are :

File Name: C:\WINDOWS\system32\ppchcgq1j0elfv.exe
Threat Name: Trojan horse Downloader.FraudLoad.p
Detected on Open
Process Name: C:programfiles\rhclq1j0e1fv\rhclq1j0e1fv.exe
Process ID: 2828

With regards to the Antivirus XP 2008, which I think has been the root cause of the problem, I have tried "START" "Control Panel" "Add/Remove Programmes", but get the error message, "An error occurred while trying to remove . It may have been already un-installed. Would you like to remove AntivirXP08 from the Add/Remove Programmes list?"

Any advice would be appreciated. I am not, by the way, the smoothest operator, so any advice needs to be pretty much keystroke by keystroke!

Thanks.

The Darg


A: Anti Virus/trojan, Anti Virus Xp 2008 / Trojan Horse Downloader.fraudload.p

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


My Anti - Virus detects Trojan Horse Downloader.Small.8.BD and it can't delete or heal the file. I am using AVG Anti-Virus Free Edition. The file is called Loader(1).cab. Please Help!!!!
 

A:Solved: My Anti - Virus detects Trojan Horse Downloader.Small.8.BD


Hi,
My computer has really slowed down ever since I got these viruses. It also crashes randomly and gives me a blue screen. I tried to do a system restore but failed. Bitdefender 2011 keeps on telling me that it's blocking a virus called "Trojan Generic" and also another one called "Trojan Horse" but the box keeps on popping out every 10 seconds or so. I have scanned my computer with HijackThis and will post the results below. I will appreciate any suggestions anyone out there has since I've tried on my own for a week to remove it with programs like Malwarebytes, Spyware Doctor (actually bought it 2 days ago but it did nothing), Bit Defender 2011, AVG 2012, and have failed to remove it. Thank you for your time!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:35:09 PM, on 10/3/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Gabriel DLT\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)...

anti virus pro 2009 trojan downloader.x trojan and more

Web pages were being redirected. I ran a McAfee scan and it deleted 20 instances of anti virus pro 2009 trojan. Ran it again and found a few more plus downloader.x.

The web pages are no longer redirected but there are sooo many processes running that I don't think it is clean.

I also ran Eusing registry cleaner.

Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:17 PM, on 11/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS...

A:anti virus pro 2009 trojan downloader.x trojan and more

Can anyone help me? please
 


Please help. I was hit with Anti-Virus 2008.

I went to the Forums and I followed the instructions and downloaded then ran Malwarebytes, Spybot, Housecall, ActiveScan 2.0, BitDefender and McAfee's Stinger. I had previously on my machine the following so I also ran AVG Anti-spyware, Super Anti-Spyware, Lavasoft's Ad-Aware, and Norton system work's Norton's Anti-Virus.

I also loaded Sygate Firewall, but am allowing all through, otherwise Firefox acts oddly.

My machine is not quite what it was, so I may still have a problem.

Here is my HijackThis output:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:54:04, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\...

A:Anti-virus 2008 And Trojan-spy Win 32

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.


Hi,
Running AVG Anti-Virus program free edition 2011 and it found the following viruses:
Trojan horse Generic 26.CZL
Trojan horse Agent_r.ATV
Trojan horse Generic_r.JU
Trojan horse Back Door.Generic 14.BXJC

Not sure how to get rid of these. Is there a better free virus software to use?

Computer is HP Pavilion Slimline Desktop running windows 7

Any help would be greatly appreciated.


Thank you,
Jeff

A:AVG Anti-Virus shows Trojan horse virus

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


AVG Anti-Virus found Trojan Horse Generic11.PWW in C:\Document and Settings\Owner\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIR\Adobe AIR Installer.exe. I followed instructions to move the file to the virus vault. Everything seemed to have been done correctly. Shortly thereafter a security warning window popped up that said AVG had found the same Trojan Horse but in a different location - This time it was in C:\System Volume Information\_restore-{076E216A-6C99-4D0C-9F4A-9F6D3AAF52C1}-\RP64\A0032152.exe!! I did the same thing as before and moved it to the virus vault. Sneaky pain in my bum!!

If anyone could help me get rid of this bugger I would appreciate it very much.

Here is my HijackThis log. . .
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:54 PM, on 9/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PRO...

A:Trojan Horse Generic & AVG Anti-Virus

It's likely a false positive detection. I don't see anything malicious in your log. I would release the file from quarantine and upload it to Jotti's to have it analyzed to be sure:

This is the location of the file:

C:\Document and Settings\Owner\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIR\Adobe AIR Installer.exe

Here is the link to the Jotti file scanner.

http://virusscan.jotti.org/

Please copy and paste the results here.
 


Please if anyone can help I will really appreciate it....I ran the AVG and a threat came up with the name of trojan horse....I ran the computer in safe mode after downloading SDFIX, but I still keep getting "system alert" from my computer. Today I ran the AVG again and it didn't say it had a threat but something called "hosts" that is located in system 32 or something came up and I would like help to stop getting pop ups with system alert and offers to buy anti-viruses....please, please help because my computer has slowed down significantly.

Thank you very much,
Araceli
 

A:Trojan Horse, svhost...getting anti-virus pop ups all the time

Sorry I forgot to attach my HIJACK log...

Here it is...hopefully I did it right because I am definitely new at this. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:00 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Progr...

I have installed many anti-virus apps but they get disabled the next time I try to run them.
I think I have the Virtumonde virus, browser hijacker, cool search virus, skynet virus, password stealer, and a downloader.
Most of these are from a trial StopZilla, and Malwarebytes and Kaspersky found a Trojan that started with an h.
Task manager, regedit and registry editing are disabled, and when I try to repair them they become disabled in a few seconds.
I installed Unlocker and 7-Zip; later the .exe files were missing.

DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 20:40:34.71 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1388 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\W...

A:infected with downloader trojan and something that blocks anti-virus apps

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....

Please download The Comedian.exe by Rorschach112 to your desktop

* Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
* Double click the program to run it. It will only take around several minutes to run.
* It will do a series of tasks and tell you when each one is finished.
* You will be prompted to press any key after each step
* When it is done it will close and exit itself automatically.
* You can delete The_Comedian.exe once it is finished

STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and ...


Hi

I will try keep it as short and simple as possible.

I accidentally clicked an ad link while browsing and then my anti-virus (AVG 8.5) warned me of 4 files on my computer that read 'trojan horse'. I chose to remove the files and only 2 of them were successfully removed. I'm running a scan on the infected PC now and logged into a clean one to contact you.

I do a lot of banking online and really need to be assured that the infected PC is clear before I start using it again.

Help much appreciated. Kind regards and Merry Christmas.

A:Anti-virus warning me of 'trojan horse' after clicking link

Hi, do you know which files it flagged as trojan horses? There should be a log somewhere in AVG (I haven't used AVG for a longggg time)

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Another workaround is by not using the mouse to install it. Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update t...


Hello, would appreciate some help. Friend's PC running Windows XP Home Edition has what would appear to be a trojan horse infection. This is appearing as an antivirus software notification and prevents genuine anti-virus and spyware removal along with Windows security updates from running. I have run a log on HijackThis which is attached below. Many thanks in advance for your help.

Adam Howard.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:25:42 PM, on 2011/03/01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:...

A:looks like a trojan horse infection for anti virus software

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.

* Click Start, open My Computer, select the Tools menu and click Folder Options.
* Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck: Hide file extensions for known file types
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please no...


I went to a website I have been to many times and is a trusted retailer of weapon scopes. When I went to the website AVG alerted me that the virus "Trojan horse Dropper.Generic3.FJU" had been installed on the computer. It found 3 files and I added all of them to the virus vault. I have run AVG twice since then and it came up with nothing, and have run Adaware once and it found nothing. I wanted to post a HijackThis log on here to see if I'm all clear:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:34 PM, on 1/17/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Inter...

My AVG caught this anti-virus, I need help safely removing it, and whatever may have brought it into my computer. Everything has been running very slow, and when I restarted my comp earlier, it scared me, the background came up, but no desktop icons...took about 5 minutes for them to show up. I ran the scans from your 5 step process, but when I ran the DSS, I could only get it to give me main.txt.
So here's what I have, please help if you can, and thanks.

Deckard's System Scanner v20071014.68
Run by Sylverkitti on 2008-01-12 21:02:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Sylverkitti.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03, on 2008-01-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PRO...

A:Computer Dragging, very slow Anti virus caught: Trojan horse VB.CEC

bump.


My work PC had been infected by this virus today. My boss insisted I open a zip file attached to an email with a title of Accounts 2008-2009 and the PC shut down. AVG, Spybot and Adaware 2008 have removed hundreds of items but the PC still runs slowly and my screen had changed. A lot of the files were named C:\windows\system32\pphce11j0e5sj.exe. The file seems to download a so-called virus checker and insists that you download a file to remove the virus (over 500 of them)!
I have full AVG on my home PC and it does not recognise this virus when I search the help facility. Help!!

A:Trojan Horse Downloader.fraudload.p

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list ...


I think I downloaded malware because I scanned with AVG and found "Trojan horse downloader.FraudLoad.N", and the only thing I can do to it is put it in the Vault. Also I have fake security warnings pop up prompting me to download software. It doesn't seem very harmful, but is very annoying. Any help would be appreciated. Thanks! Also, none of the other users get the security pop-ups.

A:Trojan horse downloader.FraudLoad.N

Hi

Download and install TrendMicro HijackThis

* Once installed, open HijackThis by clicking Start > Programs > HijackThis and click the button labeled "Do a system scan only".
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your system's default text editor. Typically this application is Notepad. Post the log here.


I was suddenly infected by this today; all I did was browse the internet as any normal person does. I'm running AVG free edition and I've never had any problems before. Suddenly I get the C:\windows\system32\pphce11j0e5sj.exe virus warning and AVG gives me the option to "Heal" it and so I do. Thought everything was fine but it seems it keeps popping up with the same virus. Right after, my screen changed and it wants me to download a virus checker to remove the viruses. Claims I have 3054 of those.
I've seen this sort of topic before, and I followed the guidelines. The C:\windows\system32\pphce11j0e5sj.exe virus warning has stopped, but the virus checker is still going on.
I've downloaded MBAM and I've done the quick scan and rebooted.

Using Windows XP Home
I'd really appreciate any help given.

Here's the log:

Malwarebytes' Anti-Malware 1.28
Database version: 1147
Windows 5.1.2600 Service Pack 2

14-09-2008 01:29:39
mbam-log-2008-09-14 (01-29-39).txt

Scan type: Quick Scan
Objects Scanned: 53855
Time Elapsed: 3 minute(s), 22 second(s)

Memory Processed Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 13

Memory Processed Infected:
C:\WINDOWS\system32\lphcph3j0ec31.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious item...

A:Trojan Horse Downloader.fraudload.p, I've Seen A Few People Have Received Help Regarding This Problem. Hope You Can Help Me...

Hi Nylle. We have a good start here. Please continue with this procedure:

Let's see if anything is left out there.

Please download ATF Cleaner by Atribune & save it to your desktop. (alternate download link) DO NOT use yet.

Please download and install SUPERAntiSpyware Free.
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
* Under the "Configuration and Preferences", click the Preferences... button.
* Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
* Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
  * Close browsers before scanning.
  * Scan for tracking cookies.
  * Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen and exit the program.
* Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but ...

RELEVANCY SCORE 116

I have uninstalled Norton Anti-Virus 2008 from my computer; however, it is still coming up in the start menu and loading on startup. I am wondering how I can remove this and other things from my startup? I cannot install any other anti-virus until this is removed.

Note: I tried removing them from startup once and it keeps telling me I have put it in a specific startup mode. But when I change the mode it still does not work.

I also removed an instance of Windows XP from the boot.ini section that I did not need, and when I change the mode the other instance comes back up on reboot.
 

A:Solved: help! norton anti-virus 2008 cant remove wont let me install another anti-vir

RELEVANCY SCORE 115.6

Picked up these bad boys when I was stupid and launched an .exe that I wasn't too sure of in the first place. Anyway, nothing I have is getting rid of them. The following is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:19 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windo...

A:Solved: trojan.vundo/trojan horse/downloader virus help.

RELEVANCY SCORE 115.6

Okay, for the past few days I've been having issues with these viruses. I have seen posts here before asking about how to get rid of the same things but since I have those 3 I don't know if there is a better way to do this.

I keep getting random pop ups. I tried downloading VundoFix but it keeps coming back of course. I ran Spybot Search & destroy and the same thing happens.

The anti-virus I'm using is Norton AntiVirus Corporate Edition Full version 7.60.926, if that's even necessary. It is up to date and the description it gives me for each one is..

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1\valera[1]
Location: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wed Sep 19 23:37:08 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\CHER4DUR\lkjh[1]
Location: Quarantine
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Wed Sep 19 23:37:10 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\Documents and Settings\s...

A:Virus issues, Downloader, Trojan.Vundo, Trojan Horse

Oh god.. okay, I should probably mention that right now, my antivirus notification is at 89 notifications and counting, the same message over

"Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\WINDOWS\system32\byxxutr.dll
Location: C:\WINDOWS\system32
Computer: STARRSCOMPUTER
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Thu Sep 20 00:15:34 2007"

By the time I'm done with this message it's up to 99 notifications total and still counting.
103 now

I'm trying to delete it but it says the file is busy, and I'm trying to disable the antivirus but I can't figure out how
 

RELEVANCY SCORE 114.8

Antivirus vanished! Can't install ANY new one!

Can't access Microsoft and any anti-virus sites (thus I cannot download or scan my computer from there).

I tried to install a copy of avast pro but the set-up immediately closes after opening. I also noticed a lot of programs behaving like this, just like the bandmaster game from e games and Grand Theft Auto Vice City (once I opened it, it immediately closes).

Tried to install that in safe mode, but the computer does not start and reboots back into normal mode.

This is the content of DDS log:

DDS (Ver_10-11-26.01) - NTFSx86
Run by neopc10 at 19:47:12.65 on Fri 11/26/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.353 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\KGB\Mpk.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\...

A:anti virus banished. can't install any anti virus programs, can't access microsoft and anti virus sites!!!...

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the ...

RELEVANCY SCORE 114

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...

RELEVANCY SCORE 110

Hello all,

I have noticed my computer freezing and going to sites (www.abigaildiets.com) so fat loss site I didn't click, so I installed AVG 8.5 and PC-Tool Spyware Doctor. They pick up most of the viruses but there were 3 viruses that just won't go away; it detects it, but every time I start up it picks it up again, as if it was never deleted.

The 3 infections are (as detected by AVG Anti-Virus every time I start up):

Virus Identified Packed.Noper
Trojan horse Generic14.ZYF
Trojan horse SpamBot.w

My HJT is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:31 AM, on 8/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d .exe
C:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d.exe
C:\WINDOWS\msd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Pr...

A:Multiple Trojans and Virus that just Won't go Away(Virus Identified Packed.Noper--Trojan horse Generic14.ZYF--Trojan horse...

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report
* Please download OTL from here
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Push the "Run Scan" button.
* The scan should take just a few minutes.
* Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
* Download RootRepeal from the following location and save it to your desktop.
  * Direct Download (Recommended)
  * Primary Mirror
  * Secondary Mirror
  * Secondary Mirror
  * Secondary Mirror
  * Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
  * Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
* Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
* Open on your desktop.
* Click the tab.
* Click the button.
* Check all seven boxes:
* Push Ok
* Check the box for your main system drive (Usually C:), and press Ok.
* Allow RootRepeal to run a scan of your system. This may take some time.
* Once the sc...

RELEVANCY SCORE 108.8

The program says it is removing the problem however the virus keeps coming back. It was run in safe mode.
AVG 8.0 Anti-Virus command line scanner
Copyright © 1992 - 2008 AVG Technologies
Program version 8.0.145, engine 8.0.0
Virus Database: Version 270.10.9/1900 2009-01-18

C:\WINDOWS\system32\ezodsp.dll Trojan horse Vundo.DO Object was moved to Virus Vault.
C:\WINDOWS\system32\efcBsPGa.dll Trojan horse Vundo.DM Object was moved to Virus Vault.
C:\WINDOWS\system32\winlogon.exe (588) Trojan horse Vundo.DO Object was moved to Virus Vault.
C:\WINDOWS\system32\ssqPgEtu.dll Trojan horse Generic12.AWPU Object was moved to Virus Vault.
C:\WINDOWS\system32\lsass.exe (672) Trojan horse Generic12.AWPU Object was moved to Virus Vault.
C:\26c2d1535b56d242cf2bfb61228a81\msxml4-KB927978-enu.log Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Locked file. Not tested.
C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Christine\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Christine&...

A:Antivirus 2009 Fake Anti-Virus Trojan Virus

Let's try a different scanner

--------------------

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

* Please download Malwarebytes Anti-Malware and save it to your desktop. (alternate download link 1, alternate download link 2)
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click ...

RELEVANCY SCORE 108.8

cont'd from http://www.bleepingcomputer.com/forums/topic415205.html

Hi,

I am running Windows XP Home Edition SP3 on a Compaq Mini netbook and recently got infected with a trojan or a virus. I've been trying to clean it for a while with no luck. It used to ask me to buy a fake antivirus software, but it doesn't do it anymore. It may be the MSBlaster trojan.

When I try to open it in safe mode, it closes all the antivirus programs including hijackthis and malwarebytes.

I tried renaming malwarebytes and running it but that did not work. It starts scanning and closes after 5 seconds.

Even in safe mode, there is a suspicious program in task manager named 472196741:2061097699.exe which I can not kill using task manager.

None of the network connections (including internet) do not work on the computer but I have another laptop to transfer files through a USB.

I was able to get the full DDA log, but the virus closed the GMER application once it was done scanning which makes me not able to get the GMER log.

Please help!

Thanks

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by User at 20:33:03 on 2011-08-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.486 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4F...

A:trojan/virus closes all anti-virus software and mbam

I'd like to continue resolving this through spybot.com forums. Please close the thread. Thanks.

RELEVANCY SCORE 108.4

I ran AVG, but it didn't remove the virus to the vault. Here's the HJT log. Any help would be appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 12:36:25 PM, on 7/2/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\IPHLPSVR.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.go.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSch...

A:Help Please. Got virus...Trojan horse Downloader.Small.6.BA

RELEVANCY SCORE 108.4

Hi, I was on my computer when a message came up saying "Threat Detected". When I checked it, it said it found a "Trojan Horse Downloader Agent 11.S" in C:\\Windows\System\A331.EXE. I tried to heal it using my antivirus software, but no luck. I was told by many to delete the whole file, but it's in a Windows system file, that says if you tamper with them, you could mess up your computer. And even when I looked for the folder, it's not in the Windows system folder, so not only can I not delete it, I can't find it, and I don't know what to do. I don't know if that is even important, and if it is not, I would like to know where to find it, and how I can delete it. If anyone knows anything about this, I would greatly appreciate some guiding advice. Thanks a lot.

A:Trojan Horse Downloader Virus Question?

Install Super Antispyware. Run in safe mode and let it quarantine or remove whatever it finds.
http://www.superantispyware.com/

Run an online scan using Bit Defender and let it quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

If you have reason to believe you are still infected, post a Hijack This log in the proper forum by following the instructions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

What program gave you the alert?

RELEVANCY SCORE 108.4

I tried to remove the "Trojan horse downloader.small.18.T Virus" using AVG and even tried deleting the file but nothing works. Please help, any suggestions welcome. Thank you.
 

A:Trojan horse downloader.small.18.T Virus

Hi marc67, Welcome to TSG!!

Click here to download Hijackthis and post a log.
This log will open in notepad. Copy and paste the log back here for review.

Don't make any changes until instructed to do so.
 

RELEVANCY SCORE 108.4

I have an infection of the Trojan Downloader Horse Agent BR 14 or something; it has files like ftpdll.dll and spools.exe, which are the main culprits. I've tried to wipe it off even in safe mode but it still comes back, and I'm sure it has changed up some registry things too. NEARLY FORGOT!! When I try to open task manager, it says memory too big in a DOS window ?!?!? Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:44, on 30/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\drivers\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C...

A:Trojan Downloader Horse Agent Br 14 Virus

I FIXED THE PROBLEM I USED AUTORUNS TO HELP ME FIND THE CULPRITS, THANKS YOU GUYS!!

RELEVANCY SCORE 108

Hi everyone
I've got a virus on my PC (Windows Vista, just so you all know) which can't be removed by Norton virus scan.
It's showing up on Norton as 'Trojan.Awax'; also I've got three 'downloaders'.
Also, when I am connected to the internet I get popups warning me I have a virus and taking me to a page asking me to buy 'Anti-virus 2009', which I've closed straight away (looks verrrrry dodgy).
Hope this can be solved, it's stressing me out to no end (stupid virus).
Thanks...
Here's my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:03, on 22/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\VM_STI.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C...

A:Anti virus 2009 and Trojan.Awax virus, help.

RELEVANCY SCORE 108

Hi, I have the same issue as thread " Solved: trojan HDD doctor Recovery anti-virus" started by "ryndael".

Unfortunately this virus stops me accessing my laptop (details below) so I can't give you guys all the info you would like, and I'm posting this using my bloody iPhone.

Windows Vista Premium SP2
CPU: Duot5750
HD: 250
Memory: 3gb
Asus X71 series

Anyway, glad this virus seems as though it can be solved however, following the thread I get stuck here:

"Rebooted, opened task manager, and executed windows explorer from there in order to get my services running. This gets my comp pretty much back to normal. I can get online and do everything I should be able to."

I can't get online, it says I don't have permission to access it (tried running as administrator). What do I do? Am I right in thinking if I can get online I will be able to (as named thread states) "UPDATE: It was obviously some sort of rootkit. A free trial of UnHackMe zapped it finally".

I would be so grateful for some help...and I apologise if this is posted incorrectly?

Phill
 

A:Help please - known virus (trojan HDD doctor Recovery anti-virus)

RELEVANCY SCORE 108

Hope you can help me please.. I cannot scan with my Optus internet security suite; I uninstalled it and now I can't install it again. Same with the free AVG and trial Kaspersky anti-virus programs; both do not work.

AVG says this error message:
"c:\program files\avg\avg8\avgui.exe
this application has failed to start because application configuration is incorrect. reinstalling the application may fix this problem."

Kaspersky says I cannot install because I'm running in safe mode (which I'm not), or try to redownload.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:39 PM, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files ...

A:Trojan Virus? Can't Install Any Anti-virus Program

Hello chocolatee,

I apologise for the delay, the forum is too busy. If you still need help, post a new HijackThis log as per my instructions below.

----------------------------------------------

RENAME HIJACKTHIS

There is some infection hiding in your log.

Using Windows Explorer (by right-clicking the Start button and left clicking Explore), navigate to:

C:\Documents and Settings\MICHAEL\Desktop\HiJackThis.exe

Right-click on HijackThis.exe & select Rename to scanner and post back a new Hijackthis log.

RELEVANCY SCORE 108

Edit: add more detail

Yesterday I tried formatting my computer about 3 times but it's still here.

This Virus/Trojan is blocking my internet connection to every Anti Virus web site (eg.Avast! Bitdefender) and it also blocks my bitdefender update too.

Bitdefender found some virus but seems like can't do anything about it.

----------------------------------
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\COMSYSAPP\ImagePath=]C:\WINDOWS\SYSTEM32\DLLHOST.EXE Gen:[email protected] Infected
[System]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETLOGON\DisplayName=]C:\WINDOWS\SYSTEM32\NET.EXE Gen:[email protected] Infected

-----------------------------------


I can access blocked anti-virus web sites in Safe Mode, though.


I'm sorry, I can't do Gmer and zip attach.txt. The computer just refuses to use WinRAR or Zip; don't know why either.

----------------------------------------------------------------

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 6:55:15.57 on Tue 08/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.3007.2247 [GMT 7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: avast! antivirus 4.8.1335 [VPS 090803-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A27...

A:[SOLVED] Virus/Trojan is blocking my Anti Virus,Need help :-(

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, avast! and BitDefender. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Add or Remove Programs in your Control Panel.

------------------------------------------------------

Please go to: VirusTotal
On the page you'll find a Browse button.
Next to the Browse button you'll see a box to enter text.
Please copy/paste the following bolded text into the box:

C:\WINDOWS\Explorer.EXE

Then click the Send File button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analysed: click Reanalyse file now
Once scanned, copy and paste the results in your next reply.
Please repeat for the following file:

C:\WINDOWS\system32\userinit.exe
------------------------------------------------------

Read other 3 answers

I tried removing a virus called 'trojan horse downloader dyfica.b' using AVG and Norton Anti-Virus. It comes back even though it says it's healed it. Can anyone help with the removal of this virus?

Thanks
Gaz
 

A:Solved: Virus - 'trojan horse downloader dyfica.b'

Read other 6 answers

Hope someone could help me with this virus : Trojan horse downloader.generic6.abkb

AVG tried to heal it but it keeps coming back and it freezes my browser.
I had tried several online scanners but none of them resolved it.

Hope someone could help me.
Thanks.

Here is the hijackthis file:
Logfile of HijackThis v1.99.1
Scan saved at 806 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\wscntfy.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\P...

A:Virus Trojan horse downloader.generic6.abkb - Could not be removed

Hello and welcome to TSF

You are using an outdated version of Hijackthis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Do not post that log, instead, do this next:

=====================================================

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
cop...

Read other 7 answers

Hey all,

I was on an imageboard last night when things went wrong. I closed my internet down to discover fake antivirus software running on my computer. I shut down and booted into safe mode and ran a scan with AVG Free 8.5. It found two viruses, the one named in the title of this thread and one called sysguard.exe.

I have quarantined the Zlob in the virus vault of AVG and have run both HJT and Smitfraud. Here are both logs. (Note: the Smitfraud log is one from a scan in NORMAL mode, not safe mode, if that makes a difference):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:45 PM, on 5/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Lig...

A:Found virus Trojan Horse downloader.Zlob Need HELP ASAP

Please close this thread. I have removed both viruses, but there is something you may want to know. After removing the sysguard.exe from my system, I rebooted to finalize the change made, and within the short amount of time in which my computer reboots, my hard drive was completely wiped out. Clean. Nothing left. I researched sysguard.exe and found that it is spread by way of the Conficker virus. Just thought you would like to know this.
 

Read other 1 answers

hi

my computer has been infected with the Virus Trojan
horse downloader.generic6.abkb

AVG tried to heal it but it keeps coming back and
since it happened, my browsers are completely blocked.
(I can ping and traceroute, but not browse)

it seems very similar to another thread here,
http://www.techsupportforum.com/secu...t-removed.html
so I tried to follow the same first steps (thank you
already for those^)


before all, I'd need confirmation that this trojan is indeed what disables my browsers, or if there is still another problem.
In which case, I wonder if I should not reinstall windows completely on another disk... would it work or would the trojan still reappear?


here is a HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:41, on 18/01/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
H:\WINNT\System32\smss.exe
H:\WINNT\system32\winlogon.exe
H:\WINNT\system32\services.exe
H:\WINNT\system32\lsass.exe
H:\WINNT\system32\Ati2evxx.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\system32\spoolsv.exe
H:\Program Files\a-squared Anti-Malware\a2service.exe
H:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
H:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
H:\PROGRA~1\Grisoft\AVG7\avgemc.exe
H:\WINNT\wscntfy.exe
H:\WINNT\system32\MSTask.exe
H:\WINNT\System32\WBEM\WinMgmt.exe
H:\WINNT\system32\svchost.exe
H:\WINNT\system32\Ati2evxx.ex...

A:Virus Trojan horse downloader.generic6.abkb - Cant remove

I also tried running combofix

ComboFix 08-01-17.3 - JM Yolin 18/01/2008 16:46:50.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.220 [GMT 1:00]
Running from: H:\Documents and Settings\JM Yolin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 16:32 . 08-01-18 16:32 52,736 --a------ H:\WINNT\system32\lrprt7.exe
2008-01-18 16:32 . 08-01-18 16:32 52,736 --a------ H:\WINNT\system32\lrprt5.exe
2008-01-18 16:32 . 08-01-18 16:32 14,080 --a------ H:\WINNT\system32\drivers\sysproc.sys
2008-01-18 16:10 . 08-01-18 16:10 <DIR> d-------- H:\Deckard
2008-01-17 16:00 . 08-01-17 16:00 10,240 ---hs---- H:\WINNT\system32\drivers\spool.exe
2008-01-17 01:52 . 08-01-17 02:32 <DIR> d-------- H:\Program Files\a-squared Anti-Malware
2008-01-17 01:36 . 08-01-17 01:36 <DIR> d-------- H:\Program Files\CCleaner
2008-01-17 01:21 . 08-01-17 01:32 <DIR> d-------- H:\philippe
2008-01-17 00:33 . 00-08-31 08:00 51,200 --a------ H:\WINNT\NirCmd.exe
2008-01-15 23:23 . 08-01-15 23:23 <DIR> d-------- H:\Program Files\Abexo
2008-01-15 00:32 . 08-01-15 00:32 <DIR> d-------- H:\New Folder
2008-01-14 19:36 . 08-01-14 19:36 <DIR> d--h----- H:\WINNT\PIF
2008-01-12 20:58 . 08-01-12 16:43 433,152 -r-hs---- H:\WINNT\wscntfy.exe
2008-01-12 07:20 . 08-01-12...

Read other 3 answers

Hello,
I am not sure if my notebook is infected. The AVG free scanner detected 2 infections both with that specification in the type of infection, however, so far I don't experience issues. The files infected are the .exe files for adobe9pro solutioncenter. AVG cannot remove the infected files, it says the moved object cannot be healed because the file is too large for the archive. I moved it to the recycling bin, but I suppose that deleting the icons does not solve the problem.
Is the computer affected? Do I need to buy and download a special software like AVG or spyware or does it not help at all?
AVG free cannot solve the problem - can anybody help?
Thanks!!
 

Read other answers

What anti-virus would be great at getting rid of a trojan virus? Some of the anti-virus programs I have used told me I had one but could not delete it.

A:What are the best affordable anti-virus for a trojan virus

Welcome
I am not one of the Windows Seven Security Experts, but I have read some of their posts. They have suggested many times that the best way to remove a trojan is to format and reinstall. Sorry, but I am just trying to offer the best help that I know how and would take my own advice if needed. I do wish you the best.

Read other 9 answers

A couple of days ago I contracted a virus. Initially I assumed that my virus scanner (Avira AntiVir) had caught it, but the next day a fake virus infection warning and glut of popups to an obviously fake virus scan website indicated otherwise.

It immediately attacked Spybot (to the point where I couldn't even install a new version), but didn't seem to consider my virus scanner a threat. Through multiple scans I've managed to get Spybot working again, and the popups and the fake virus alert have long since stopped, but there are still bits and pieces hiding around somewhere trying to cause problems. Earlier today, for example, it tried repeatedly to alter my registry by adding something called awepajor.dll (might've been awepajon), but that seemed to stop after a good ten minutes of denials.

Avira AntiVir recognises the virus as a trojan called FakeVir.LSK. At the moment there are two files Avira is consistently associating with it, all in the system32 folder; 303357.exe and frmwrk32.exe. I've quarantined both of them but I'm also getting several registry changes/additions that are reappearing after every restart.

I've also got the latest version of HijackThis downloaded, in case you want a log.

Can any of you help me, please?
 

A:Fake Anti-Virus Trojan

I'm not a fan of bumping my own threads, but this virus - at least I believe it is caused by the virus - has been erratically attacking my system for the last couple of days. The most serious incident was the spawning of several Vundo.gen viruses that, while I did quarantine as soon as possible, crippled my PC's processing speed and created a whole slew of annoying little trojans and spyware that I'm still not certain I've fully removed.

It's starting to seem like this virus is changing its tactics on a regular basis and I'm not entirely certain I can deal with them all on my own. Every time I think I've finally gotten rid of the worst of it something new and unpleasant pops up. It's more than a little frustrating.

I'll include a HijackThis log for the sake of being thorough.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:11 PM, on 25/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Pr...

Read other 2 answers

called Exploit-wmf but it cannot delete or clean it. Can someone recommend a good trojan cleaner. Thanks.
 

A:My anti-virus said I am infected with a trojan...

Read other 7 answers

Hello
 
I have a trojan and my virus says this:
 
Operating memory » C:\Users\Laukage\AppData\Local\Temp\AppLaunch\Vbc.exe - a variant of Win32/Fynloski.AA trojan - unable to clean
 
I did a security check and now I don't know what to do. Please help me!
Here it is:
 
 
 Results of screen317's Security Check version 0.99.60  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 5.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.0    
 Java 7 Update 15  
 Adobe Flash Player 11.6.602.171  
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 
 
I really hope you guys can help me!

A:trojan that my anti virus can't delete

Hello and welcome to the forum. Please see this section: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
I have reported this thread so it will be moved to the correct section.

Read other 18 answers

I have a PC with Windows XP Media Center that was just infected. This is not posted from the infected PC.
I can not access Anti-Virus/Malware programs as they are being blocked. Task Manager is being blocked. Safe Mode will not fully boot up, restarting after drivers load.
I can not find the XP Media Center disk (legal copy), but do have XP Home handy.
My sister was using the PC, Yahoo IM, when the fake warning popped up. AVG Free was active at the time, but the Trojan loaded anyway. She said nothing else but Yahoo was open at the time the Trojan popped up.
This is one of the ones that tells you to buy the "Anti-Virus" program to get rid of the infection.

A:Fake Anti-Virus Trojan

Hi,
Try downloading MBAM, or are you able to download anything?
Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and ...

Read other 14 answers

I have downloaded several files that are supposed to be used to delete this, but none of them are working. I downloaded "the Cleaner" from one site, but the trojan is not allowing me to run it. I downloaded malware by antimalware on another site and had the same problem. I just downloaded the fixtm file from this site and the trojan will not let me run it. I don't know what to do next. Are there more current instructions available somewhere that will allow me to get rid of this?

A:Anti virus pro trojan removal

Try downloading rkill to your desktop from one of the following links. Double click the file and a black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. If it does not work, then download the next file and try again.
try this one http://download.bleepingcomputer.com/grinler/rkill.pif
or this http://download.bleepingcomputer.com/grinler/rkill.scr
or this http://download.bleepingcomputer.com/grinler/rkill.exe
or this http://download.bleepingcomputer.com/grinler/rkill.com
Now, download Malwarebytes from http://malwarebytes.org/ update it and run a full scan. Remove any infections found and post the results in your next reply.

Read other 2 answers

Thank you.
Attempting manual help, will bump.

Read other answers

Hello
I am running Win XPpro SP3, My anti virus is Avast.

I am also using Comodo firewall.

I have noticed that in the last couple of days that when I search in Google I get an unwanted advert appear before the correct site.

Also my Avast licence is coming to an end but something is stopping me from updating it.

I am also unable to start in safe mode.

I ran a trial version of TrojanHunter and it showed a rootkit problem but of course I have to buy the program to delete it. I cannot now remember what the details were.

Can someone help please.

Thank you.

A:My anti virus disabled by trojan??

Forgot to mention. I have run DDS txt and Attach txt. Not sure how to put them on here. Thanks

Read other 19 answers

Hi techguys, you helped me a year or two ago with a virus that my computer had. Since then my comp's been OK and I have been doing regular scans etc. A couple of days ago when web browsing a random error box popped up telling me there was something wrong with a file and that my computer would reset after a countdown. It reset and then when it re-booted I noticed a bubble pop up in the bottom right corner of my screen where all the programs running are. I tried to go into Task Manager but when I did I got an error message saying 'aplication cannot be executed. the file wuauclt.exe is infected. Do you want to activate your anti-virus software now?' I tried opening McAfee but got the same message. I managed to run a spyware scan with a program called 'super anti spyware' which was recommended to me from here but the scan did not find the problem. Since then I've been getting constant pop ups telling me my computer is infected and that I need to access this anti virus software. Also I cannot access HijackThis because I get the same error message as before whenever I try to open the program.

I assume it's some sort of trojan or something but I have no idea where to start about getting rid of it. Any help at all would be very much appreciated. Thank you.
 

A:false anti-virus trojan?

I got a log in safe mode

Logfile of HijackThis v1.99.1
Scan saved at 15:43:59, on 09/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/MTE3MTA=/2/3948/free1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot...

Read other 2 answers