
infected by Vundo.AV Generic12.kao adloader_r.ER

Q: infected by Vundo.AV Generic12.kao adloader_r.ER

Hello, I'm looking at a friend's HP with XP SP2 installed. She couldn't get it booted. I was able to start it using the F8 menu option of 'last known good settings', then installed AVG8.0 and tried to update; it failed. I then ran a full scan and it found 25 trojans and viruses. AVG put them in the Vault. I can get online, but cannot go to any antivirus sites, like norton, Panda, etc., nor can I go to Windowsupdate, nor will it auto-update even though it's enabled. I was getting a crapload of popups, so I copied and pasted the latest HJthis .exe to the desktop from my thumbdrive and tried to install it. No dice, just starts the process and then nothing. Same with Spybot and just about everything else I tried. I was finally able to use an older copy of Hijackthis and rename it to scanmya$$.exe and it has worked. It had quite a FEW BHOs without a name or other info. I saved the log and removed them and then ran another AVG scan in safe mode; it came up empty. The online issues are still there, and I cannot install or run Combofix, CounterSpy, Malwarebytes. I was able to install Windows Defender, and Vundofix, but both came up clean in safe mode and regular mode. I can post the Hijackthis logs of before and after, along with the startup list that HJ generates. I will try to get the list of stuff that AVG nabbed.
Any help is greatly appreciated, as the woman has a lot of data on the HD and I really don't want to format, etc.
Thanks in advance
Dave


A: infected by Vundo.AV Generic12.kao adloader_r.ER

First log that I ran:
file of HijackThis v1.99.1
Scan saved at 12:27:25 AM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Desktop\scanmyass.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {8bb8} - {3c97467a-9140-4423-a1e2-2209345aeff5} - C:\WINDOWS\system32\tgpwxi.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54CC03C2-A4AA-4D05-83FB-0AA032FCF494} - (no file)
O2 - BHO: (no name) - {5CAB59B4-55A3-4737-9FD5-B93C6430BF77} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {834DD361-BBB1-4D95-9CD5-4E317B7F7BCD} - (no file)
O2 - BHO: (no name) - {928A8DBD-2D5B-44FF-8140-0E590A05C3B8} - (no file)
O2 - BHO: {7471d118-a854-8a88-1ea4-0e24db278049} - {940872bd-42e0-4ae1-88a8-458a811d1747} - C:\WINDOWS\system32\xakvlo.dll
O2 - BHO: (no name) - {96981e09-9bf8-42d6-8316-58b9e1285b22} - (no file)
O2 - BHO: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
O2 - BHO: (no name) - {A500474D-AB36-40C1-A15E-8694F134B7A2} - (no file)
O2 - BHO: (no name) - {A5FA2E1C-2D37-40E3-A842-6DE6F1DDCF28} - (no file)
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204731858312
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: jurqns.dll,makuny.dll,xakvlo.dll,avgrsstx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nnnmmlMD - nnnmmlMD.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


I'm a first-time poster, so I apologize in advance for any mistakes I make.

Problems started when AVG Free 8.0 found Downloader.Generic3.SZP and Generic12.LHS. I used AVG to remove them.

My AVG scan that night found 18 infections (multiples of several):
SHeur2.CRJSHeur2.HKSHeur.CRBJVundo.AVGeneric12.LHSIUpd721 (reference to)

AVG cleaned them, but said 2 instances of Vundo.AV (in lsass.exe and hlJDwTLD.dll) would be fixed on the next reboot. My next reboot failed. Tried to restore to recovery point, but that failed (nothing happened when I clicked on Next to do the restore). Eventually was able to run HijackThis (with a friend's help) and clean up enough things that my reboots now work (at least most of the time). Eventually ran Vundo Fix and VirtumundoBegone and at that point AVG scans (when they worked) showed no issues.

It appears that there's still leftover issues because of the following:
IE (7.0) gets "cannot display the webpage" at many websites, especially those for AntiVirus/AntiSpyware, including AVG, Kaspersky, BleepingComputer (I'm running this on another computer)
AVG Update fails with either "Update Manager: control file is missing" or "Connection failed"
Running an AVG scan gets Avgwdsvc.exe encountered a problem. Sometimes the scan continues, sometimes it doesn't.
I'm still getting some popups, including www.registrydefender.com, Searchme, Scan.scannerantispyware.com and 85.12.43.70
Google Results page shows larger font than it used to....

A:IE/AVG issues - from Downloader.Generic3.SZP, Generic12.LHS, Vundo.AV?

I don't know if this is considered "bumping", but I have some additional information to add.

I tried to run RSIT again. I still only got a log.txt file. However, I tried a Save As from there and saw that my prior run of RSIT had saved an info.txt log in the rst directory. Its contents are:

info.txt logfile of random's system information tool 1.04 2008-11-27 14:17:41
======Uninstall list======
-->C:\PROGRA~1\VERIZO~1\SUPPOR~1\Uninstall.exe Verizon
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{25EF00A0-F17B-11D6-88EA-000476CD2443}Verizon Online\setup.exe Verizon Online UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Progr...


(Sorry, typo in the title, should read clicker.vzm)

So, I have had a good look around and can't fix this by myself and would be very appreciative if someone would help me out.

I was happily updating myself on what's going on in the world (on my boyfriend's computer - oh dear) when I got a message from AVG saying it had detected an infection with prunnet.exe. I quickly disconnected from the internet, put prunnet.exe in the virus vault and proceeded to do a full system scan with AVG which picked up Trojan horse clicker.vzm. I also checked the running processes only to find prunnet still running so I terminated it manually too. On my computer I researched the TH and didn't come up with much but found a bit on prunnet which said use Malwarebytes. Also started to get generic antivirus popups (antivirus2009, 2008 downloads) and both firefox and explorer tried to open on their own several times during the virus scan (computer still disconnected from internet).

So, downloaded Malwarebytes (on my computer and transferred via pen drive to infected computer, update from 4.1.09) which came up with Vundo.H and Vundo (delete on reboot) and followed instructions. Upon reboot getting more popups, both mozilla and explorer (still haven't connected to internet since problem began). Second AVG scan now gives Trojan horse Generic12.ATAG. After dealing with that and another reboot both AVG and Malwarebytes don't detect anything but still getting popups. Also experienced problems w...

A:Oh dear. Trojan problems (Vundo, clicker.vdm, generic12.atag)

Are you still unable to download off the net to the computer?
-----------------------------------------------------------
Please reboot the computer
Open MBAM and click Update tab, select Check for Updates, when done
click Scanner tab, select FULL scan
After scan click Remove Selected, Post new scan log for review


Q:
1. Is this trojan dangerous?
2. What is the behaviour of the trojan?
3. How to remove it?
4. Do u know this trojan?
here is the analysis: http://www.virustotal.com/analisis/d538654...23b9cee69c5f59b
thx a lot,
Best Regards

A:My xp infected with Generic12.AWAD Trojan

It is named "generic" because many trojans are classified with the same name. I am unsure of what it does because of this.

If you cannot install or run the following program, read:

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Another workaround is by not using the mouse to install it. Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will aut...


My AVG Resident Shield alert gave me 9 threats while I was away and not using the internet. Each threat says:

"C:\System Volume Information\_restore{2A014A50-9BC9-47DA-8527-2B08A8AC5697}\RP566\A0067660.exe";"Trojan horse Generic12.BVCJ";"Infected"

AVG gives 3 options: 1) Remove Selected Infections, 2) Remove all unhealed infections, and 3) close. The first file was able to be removed using 1), but none of the remaining 8 could be removed via 1) or 2). I am concerned about my computer so I have the following log. If anyone can help make sure my computer is safe, I'd greatly appreciate it.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 21:11:22.44 on Sun 03/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.70 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1 ...

A:Infected with Trojan horse Generic12.BVCJ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


Hi,

We seem to be infected with a virus: 'Trojan Horse backdoor.generic12.alsb' which is being stored in a syncmycal file in the user data area. There is also a STUBEXE folder which I find suspicious.

I have run AVG, superantivirus, ad-aware, ccleaner and now hijack this. The log is below and I'm pretty stuck, would love some help please!?

Many thanks
Chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:34, on 01/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\...

A:Infected with Trojan Horse backdoor.generic12.alsb

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...


Hi there,

I've recently been stymied by an array of pop up windows in Firefox that I can't seem to get to go away. I have AVG installed, and upon scanning the software has detected various security threats & malware starting initially with files infected with Virtumonde. After supposedly healing these infected files and restarting the computer, a second scan detected a variety of files infected with "Trojan Horse Generic12.AOVI". I sat down this evening to dig a little deeper into the issues when I began getting an Antivirus 2009 pop up screen that hijacks the browser. Occasionally it attempts to hijack Internet Explorer as well, popping up the program even though I never use it. So needless to say, I'm stumped and quickly losing control of my system. I'm not the only one who uses this computer, so I'm unsure as to how this began. The computer is running quite slowly now as well. If any further info is needed to help solve this issue, just let me know and I'll get whatever is needed. Any help would be greatly appreciated!

Many thanks,
Larry
DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 22:20:18.79 on Wed 01/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.210 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDO...

A:Possibly infected with Virtumonde or Trojan Horse Generic12?

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT
Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...


I was running AVG and, stupidly not paying attention, ended up installing AV8 which seems to have brought with it software that redirects web pages to other sites with ads on them when you click on links. I can get to any site I want but only if I type in the URL. If I click on links I get redirected.

AVG saw it as Trojan Horse adload_r.AKJ. It always found multiple instances but could only remove half... all instances were associated with a system tray program that started up or with a program that was started or running. The instances that couldn't be removed were in memory, two instances per program running.

I ran the AVG Rescue Disk and it didn't see this problem at all. Just out of curiosity I ran AVG in Safe Mode (Windows Vista) and then it did find the adload_r.AKJ marker but only in the AVG program that was running. So this sucker is hiding someplace and only shows up when a program is run.

I've also scanned with McAfee and it didn't find anything.

Sorry... I didn't do it right the first time... this is not an intentional bump.

Below is the DDS.txt file:

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Dick at 17:04:43.30 on Sun 12/05/2010
BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.3724 [GMT -5:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\l...

A:adloader_r.akj

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin...


I'm at wit's end. Despite daily scans with both AVG Personal and MalwareBytes, along with sporadic sweeps with Piriform's CCleaner and Adaware, I somehow got smacked with the Antivir Suite baddy about a month ago. I thought I had managed to get rid of it, but I knew it was still around when I started getting random opened windows and my computer started acting very sluggish. When I checked the processes, I had a billion svchosts open, and they were sucking ridiculous amounts of resources. Also, when I restarted my computer, I would have to restart my DHCP and Windows Audio in the Services menu. Conversely, I cannot start Windows Firewall in the Services menu.

I followed the guide to put a post here, and all went smashingly until I got to the gmer part. For two days I tried scanning with gmer, only to have my computer randomly restart multiple times. At last I ran it in safe mode and managed to get it to complete five hours later, but I don't know if the log will still be useful with it having been run in safe mode. Also, while typing this, Adaware just popped up to tell me that it blocked svchost.exe from connecting to a malicious website on the Internet. IP address: 91.212.226.5 port 443.

We've already had our credit card information stolen and had to deal with that nightmare. It would be awesome if I could somehow fix my computer without having to do a full wipe. Fingers crossed!

DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by petal at 18:38:08.39 on Fri ...

A:adloader_r

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you...


I have found this trojan horse on my system with AVG and can not remove it. I also use and run spybot. My last scan showed on spy bot nothing and AVG I had this trojan and can not get rid of it. I used Malwarebytes' Anti malware and this is what it found :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4650

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/09/2010 8:02:27 AM
mbam-log-2010-09-19 (08-02-27).txt

Scan type: Quick scan
Objects scanned: 137796
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Any ideas?

thank you.
 

A:trojan horse Adloader_r.AKC

Download ComboFix here :

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

Click me
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
 

RELEVANCY SCORE 47.6

Hi

My system is infected with spyware, windows xp, sp2

Initially i was unable to search google and yahoo then i installed superantispyware, then Mcafee after i restarted after installing both, the desktop items and task bar disappeared, then i installed the malware anti bytes, then i got desktop and icons back but i got an error dll is missing, when i restarted again i didnt get error, but pops increased

i have installed superantispyware, Malware antibytes, hijackthis

Please find the logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/18/2008 at 07:37 PM
Application Version : 4.15.1000
Core Rules Database Version : 3483
Trace Rules Database Version: 1474
Scan type : Complete Scan
Total Scan Time : 00:31:29
Memory items scanned : 466
Memory threats detected : 1
Registry items scanned : 6572
Registry threats detected : 6
File items scanned : 19162
File threats detected : 34

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL

Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\kiran\Cookies\k... Read more

A:Please Help Infected With Adware.vundo Rel/variant And Trojon.vundo

Hello newmember123 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Addi... Read more

RELEVANCY SCORE 47.6

Hi all at BleepingCounter,

I have recently got infected with several nasty virus / worms and trojans from my school computers. I have since went to reformat my notebook along with my external hard disk (HDD).

But when I did a virus scan with AVG, I found several infections, whereby I immediately google the possible solution to getting rid of these pesky troubles.

From the SUPER Anti Spyware thorough scan, I have been infected with the Adware. tracking cookie and Adware. Vundo Varient/Rel. I have tried to delete it several times, but it refused to be deleted with SAS.

Then I found this website offering great solutions, so I immediately downloaded the Malwarebyte's Anti-Malware which showed that the vendors were Trojan Vundo, Trojan Agent and Malware trace from the quick scan.

And I also saved the logfile of the Trend Micro scan..

My operating system is Windows XP, it was downgraded from Windows Vista Business. And I currently have AVG 7.5, Avast! Home Edition 4.0, SAS AND Malwarbyte's Anti-Malware.

I am really quite new and ignorant of these viruses and programs, but I am doing whatever I can on my part to save my notebook and I hope that you guys might be able to save my notebook too, it is at present only 3 days old before I received all these nasty viruses!

So I copied and pasted the Hijack file file below... And then I also copied and pasted the log from after I clicked removed selected during the Malwarebyte's scan..

Am I being paranoid or do I have more viruses?

Logfile of... Read more

A:Infected With Trojan.vundo / Adware Vundo Varient/rel

Hello Jacintha and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete... Read more

RELEVANCY SCORE 47.2

Deckard's System Scanner v20071014.68
Run by korisnik on 2008-05-28 00:31:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-05-27 22:32:05 UTC - RP1 - Kontrolna točka sustava

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as korisnik.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:32:58, on 28.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsv... Read more

A:Infected With Vundo,vundo B,vundo.dll.,virtumonde

Hello dujma and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not cha... Read more

RELEVANCY SCORE 46.4

Hallo there,

as you can see from the topic i have three trojans in my pc which i can't remove. I followed the "Preparation Guide For Use Before Posting A Hijackthis Log" and i'm posting the log file.

Any help appreciated!!!!

Dimitris

********************************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 2:19:19 PM, on 5/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Fil... Read more

A:Infected With Vundo Dlm 13, Vundo Gen, Crypt Xpack Gen

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Dim

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note: It is important that it is saved directly to your desktop C... Read more

RELEVANCY SCORE 44.8

Hello.

Could you please help me? A couple days ago, I got hit with a TON of trojans while at Kings of Chaos. McAfee sent up notice after notice that it had caught and "removed" this trojan and that trojan and I don't know how many FakeAlert thingies.

A McAfee scan turns up nothing. Spybot Search & Destroy shows a Firewall Bypass and Malwarebytes' Anti-Malware shows two instances of Trojan.Vundo, eight of Trojan.Vundo.H, two Trojan.FakeAlerts, three Fake.SystemTools & one Disabled.SecurityCenter. Since yesterday I've been getting VUNDO.gen.bp "caught and removed" notices from McAfee.

I "remove" these with Spybot & Malwarebytes and they keep coming back. They mainly seem to be opening new windows, opening up IE and just causing a pretty heavy lag. I'm getting fake virus removal programs popping up too. Oh, and "Are you sure you want to navigate away from this page?" stuff but that only seems to be happening at Facebook so that could be them I suppose.

Thanks for any help you can provide.

A:Infected with Vundo, Vundo.H and FakeAlerts

Hello and welcome.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on Click on Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install a... Read more

RELEVANCY SCORE 44.8

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-06 15:52:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 39 GB (54%) free of 72 GB
Total RAM: 990 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:06 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Fi... Read more

A:Infected with Vundo.H and other Vundo components

Hello Matt0852 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete... Read more

RELEVANCY SCORE 42.8

Hi, I have the exact issue as:

http://forums.techguy.org/malware-removal-hijackthis-logs/801173-crap-trojanhorse-virus.html

If it helps I have the EXE here and saved it as a .txt before moving it to the virus vault of AVG...

beckster, if you're reading this, check your profile public messages... I posted there, it's so ridiculous new members can't send PMs... Argh!!
 

RELEVANCY SCORE 42

Hi

Has anyone come across Trojan horse Generic12.HTC? AVG has picked it up on my PC.

Many thanks
 

A:Trojan horse Generic12.HTC

Different AV products call infection different names. You will have to give more details like name of file, location of file, etc or post a hijackthis log for review.
 

RELEVANCY SCORE 42

My computer is currently infected by Trojan horse Generic12...
My free version of AVG Anti-Virus software is not able to remove them. What software do I download to fix this?

Please help!!
Thanks!!!
 

RELEVANCY SCORE 42

Today, when I logged into my computer, AVG (my antivirus program) detected multiple viruses with the Resident Shield. The viruses were labeled as Trojan Horse Generic12.BOQT and Trojan Horse Generic12.BOQR. I think I got the virus yesterday. I remember I was on Facebook and I saw the alert that _____ has tagged me in an album. I clicked the word album and it led me to a pg that didn't work. I heard that the alert was actually bad and it was a virus. I didn't know until now. Also, yesterday, I downloaded a couple of videos from megaupload, mediafire and usaupload. I think usaupload could've been what gave me the virus but I'm not sure. AVG detected a virus after I clicked the Facebook link and I think after I clicked the usaupload. I'm not sure, but I think it also detected something when I went on YouTube. The virus detected was something like Exploit ActiveX MCAD. Well today, as I said, AVG detected multiple threats with Resident Shield. I didn't remove them to the virus vault so it's in my computer. Every time I go on Mozilla Firefox or any web browser, I would get pop-ups once in a while. Also, my Windows Security Alert told me that the Antivirus Protection thing wasn't turned on. I tried turning it on, but nothing happened.

Here is the DDS log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 19:34:54.89 on Fri 02/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.292 [GMT -8:... Read more

A:Trojan Horse Generic12

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

RELEVANCY SCORE 42

So, I did a virus scan with AVG Free and it found 33 instances of Trojan Horse Generic 12.pjz. 2 of the problems were fixable, while the other 31 gave the error "Moved object is bigger then the archive size limit."

I followed the instructions within the sticky. The results are posted below. I also have another thread going right now, but it is not for this computer. So, please don't get them confused or relate the two. Thanks in advance.....


DDS (Version 1.1.0) - NTFSx86
Run by Administrator at 16:42:06.17 on 12/30/08
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.127 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Diskeepe... Read more

A:Trojan Horse Generic12.pjz -- Please help

Anyone?

RELEVANCY SCORE 42

I plugged in my external USB hard drive and when I double click the drive icon I get an access denied warning, and AVG shows a pop up saying that I've been infected with the Generic12.YAO trojan. I then proceed to heal the infected file. When I try to access the drive again, I still get the access denied warning but no warning about the trojan. I can still access the drive by right-clicking and choosing explore.

I ran a full system scan with AVG which showed no viruses or trojans are on my computer. I then ran MalwareBytes' Anti-Malware program and AVG popped up showing that I was infected with the same trojan. I healed it again and Anti-Malware showed no infected files. I still can't access the drive when double-clicking the icon.

Here's a pic of the AVG warning that came up while running Anti-Malware:

Thanks for any help.

A:Trojan Horse Generic12.YAO

The file location shown in the image you posted is "system restore".

You can remove what AVG is reporting by deleting all restore points. Instructions on how to do that are in the links below. Be sure to reset system restore after removing the restore points.

XP guide
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Vista guide
http://www.bleepingcomputer.com/tutorials/windows-vista-system-restore-guide/

You should also permanently delete the items in AVG's quarantine "safe" or whatever they call it.

If AVG reports the same problem again, you should run an online scan with Kaspersky online scanner. Instructions for using it are in the link below. Post back with what Kaspersky finds if you use it.
http://www.bleepingcomputer.com/forums/ind...t&p=1045589

RELEVANCY SCORE 41.6

My Dell Inspiron 6000 computer got infected with a BackDoor.Generic12.GOG.Dropper by using a newly downloaded executable file. I tested the security of that exe-file with AVG before opening it, and AVG didn't signal any risk. Yet shortly after opening the downloaded file, I got the first of many AVG-generated messages that above mentioned threats were found, which I systematically put in quarantine.

The file that originally created the randomly named files - with numeric names like 447281.exe and 102242.exe - was called hugb.exe. I renamed it !hugb.exe and changed the single appearance of it in the register, making it something like xhxuxgxbx.exe. Yet, after restarting the computer, the warnings reappeared, mostly while using Outlook.

I don't know how to get rid of this threat and would be grateful for any help.

One extra question: can I send emails without the risk infecting other people before the threat had been removed, AVG being active all the time and scanning all messages?

I do have a legal copy of the windows XP Pro OS on CD-Rom, yet no emergency boot CD - I don't know how nor why to create it.

Please find hereunder the requested DDS-file.

Thank you in advance for your help.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Erik at 12:14:57,79 on 17/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.227 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD0... Read more

A:how to remove BackDoor.Generic12.GOG.Dropper

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications,... Read more

RELEVANCY SCORE 41.6

Hi guys!

I have AVG and it has picked up on these:

Trojan horse Generic12.AMDM
Trojan horse Generic10.MGI

they seem attached to my essential .DLL files and usually AVG detects the threat when i open up a program
and i can't heal them! my computer just switches off when i select heal!
it's really annoying because i have to select ignore all the time..

any help would be MAGIC.

A:Trojan horse Generic12.AMDM , + more... help!

Hi and welcome to BleepingComputer

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

RELEVANCY SCORE 41.6

I noticed this virus first when I couldn't logon to my windows xp sign-in. I would enter details into my sign-in box and then I got a message saying windows is stopping this program from execution to protect computer from damage. I went back a few days and did a system restore, got the computer running, did a virus scan and removal with 'Norman free scan', went into safe mode and did a scan with 'drweb-cureit'. Both of these procedures removed infections, but this morning I get pop-ups from AVG resident Shield saying that there are viruses. I have read somewhere that this is a nasty virus that gets you to remove good files. Thank you for any help you can give me.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Randy at 9:39:23.79 on Fri 03/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2459 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\InterVideo\DeviceService\D... Read more

A:Trojan Horse Generic12.BYMI

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions th... Read more

Read other 3 answers
RELEVANCY SCORE 41.6

Hi, I'm infected with the SHeur2.ISU & Generic12.AJTA trojans as detected by AVG 8.0. Can someone please help me eradicate these?

Thank You
Steve

A:SHeur2.ISU & Generic12.AJTA trojan

Hello Steve. Please give us the scan log from this MBAM scanner.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in pro...

Read other 9 answers
RELEVANCY SCORE 41.6

A few days ago my computer began having some issues. It's a Toshiba Satellite laptop running Vista. It's about a year old. I run AVG Free normally. AVG detected "Trojan horse BackDoor.Generic12.aaus" in two places, C:\Windows\SysWOW64\winlogon32.exe and C:\Windows\SysWOW64\smss32.exe AVG was unable to remove the infections. It gave me the option to force remove the objects, but then the computer froze. I installed Threatfire, but it couldn't find the infection.

There is a suspicious program in my program list now called "Internet Security 2010" that I've uninstalled twice, but it keeps reappearing. I can't access the Task Manager, and my browsers (Firefox and IE) tell me they "cannot display the webpage". (I'm posting this from another computer and using an external drive to bring over the Hijack This log). Any help would be appreciated.

Here is the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:14:34 PM, on 1/23/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files (x86)\Toshiba\TOS...

A:Trojan horse BackDoor.Generic12

Is there any more information I need to give so that someone can help me figure out this problem?
 

Read other 1 answers
RELEVANCY SCORE 41.6

Hi guys! Can someone help me remove a couple of nasty viruses. One is called a Trojan Horse.BackDoor.Generic12.BCNC and the other is a Trojan Horse. Dropper. VB.CZE

I have been scanning my PC and keep getting these even if they have already been removed by Malwarebytes.

I think it even downloaded an "anti virus" software by itself called "Security Tools". Have any of you heard about this before?

Thanks so much!
 

Read other answers
RELEVANCY SCORE 41.6

Hi TSF,

I got this trojan after downloading an .exe thinking it was something else. AVG constantly reminded me that this has infected my computer and I always moved it to the Virus Vault. I ran AVG, Spybot and Malaware while being disconnected as an attempt to do a 3 prong attack on the infection. It was gone until i restarted my computer. I am assuming that it has registries that resume the trojan's activity when you restart it. I did some googling to find out how to remove it and stumbled upon a post:

http://www.techsupportforum.com/f284...ne-450285.html

So instead of taking an initiative in doing things on my own (knowing that I can't do it alone) I would like you guys to help me out step by step. I will subscribe to this post in case of anything. please help me ASAP :)

A:BackDoor.Generic12.GOG.Dropper need urgent help

Welcome ehspeed :)

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 41.6

Hi - Here's my dds log per the instructions. Rootrepeal returns an "exception Address 0x004eca19" error
I appreciate the help!
DDS (Ver_09-10-26.01) - NTFSx86
Run by 10057344 at 19:09:31.35 on Sun 11/01/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2808 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\JC\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
svchost.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\Frame...

A:Infected with Vundo and Vundo.h

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo...

Read other 17 answers
RELEVANCY SCORE 41.6

Hello,
I have McAfee "Total Protection" and it keeps removing a trojan called "Vundo!grb", "Vundo.gen.at", & "Vundo.gen.ao".
I also have been getting lots of pop-up ads for virus removal. I noticed it a few days ago. I'm not sure how to remove it as McAfee does not explain nor does it completely remove it. Also, whenever I shut down my system I receive a message, something about waiting for "rundll32.exe" to shut down, but it never does. Then it asks if I want to end it.

Thanks for your help!

Below are the logs:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Mark at 20:40:16.82 on Thu 04/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.695 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mD...

A:Infected with Vundo!grb &Vundo.gen.at

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....

Please download The Comedian.exe to your desktop
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished

NEXT

Please download Norman Malware Cleaner and save it to your Desktop.
Reboot your computer into Safe Mode.
Double-click Norman Malware Cleaner >> click Accept >> click Start scan
Let it finish its scan. A log will be created on your Desktop. Post the log in your next reply

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename into GAMERS
Open the renamed program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in...

Read other 15 answers
RELEVANCY SCORE 41.6

Hi guys! I know the Vundo trojan has been posted about numerous times, and I have tried to follow other people's threads to get rid of them, but it hasn't worked. This fix seems like one that's different for everyone, so I'm asking for help from the experts! Essentially, the classic Vundo symptoms (IE acting strange/slow, random unrelated pop-ups) started appearing on my system yesterday and no scans seem to be able to get rid of the few related trojans I've managed to pick up. The windows live scan did pick up 18 infections of gen !AC and gen !R Vundos but couldn't get rid of them if that's any help.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:32 AM, on 14/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\sp...

A:Infected with Vundo gen!AC and Vundo gen!R

Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.

Please download random's system information tool (RSIT) and save it to your desktop.
Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Read other 3 answers
RELEVANCY SCORE 41.2

Hi,

I need help with Trojan horse BackDoor.Generic12.GOG.dropper
it keeps popup saying it is a threat. i'm using AVG anti virus

A:Trojan horse BackDoor.Generic12.GOG.dropper

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 41.2

Hey guys, yesterday I downloaded a malicious file which I suspected was a virus. But my friend said it wasn't a virus, and before opening I ran the program on virusscan.jotti.org - No virusscanners detected anything.
Anyways, it turned out to be a virus.
Every 3-5 minutes my AVG warns me it detected a Trojan horse Backdoor.Generic12.GOG.dropper.
I tried a full system check with spybot S&D, but this didn't change anything.

Here are my logs:

"DDS.TXT"

DDS (Ver_09-12-01.01) - NTFSx86
Run by hp at 14:11:56,00 on zo 10-01-2010
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.3326.1987 [GMT 1:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe ...

A:Trojan horse: Backdoor.Generic12.GOG.dropper

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand cor...

Read other 4 answers
RELEVANCY SCORE 41.2

avg picked up said virus yesterday and after doing some searching i came across combofix with tutorial. i did run combofix and then came here to post my log. only to see it says to not post any logs and do not use it without someone who has been trained to use it. well oops.. too late, lol. everything seems fine. i did run spybot after and it turned up nothing. i have the log saved to my desktop and i would love to have some help with whatever steps need to be taken next. thanks!

A:trojan horse BackDoor.Generic12.GOG.dropper

avg picked up a virus yesterday called trojan horse Back Door. generic12 and after doing some searching i came across combofix with tutorial. i did run combofix and then came here to post my log. only to see it says to not post any logs and do not use it without someone who has been trained to use it. well oops.. too late, lol. everything seemed fine. i ran spybot after and it turned up nothing. i have the log saved to my desktop. earlier i had to uninstall AVG in order to run combofix. upon reinstallation a new threat was detected "trojan horse Generic16.WTC". it seems to be in my spybot, quicktime, IE, java, itunes (to name a few) and even in my child's leapfrog software. please help me get rid of this!

Read other 2 answers
RELEVANCY SCORE 41.2

Hey guys, at the moment I've got a problem with 'trojan horse generic12.bzms', AVG keeps flagging it up, now I've tried a number of programs in an effort to remove it, however it is still showing up and I can't find any info on it anywhere, I'm stuck for a solution, anyone know how to get rid of it?

here is my hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:06, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE...

Read other answers
RELEVANCY SCORE 41.2

Hello,

I am running Windows XP Service Pack 3 and recently my AVG Virus Scan 9.0 found the following Trojan Horse which it cannot seem to get rid off:

Trojan Horse Backdoor.Generic12.CJBK

Please help me in eliminating this trojan. I followed the "First Steps" as requested and will post the logs below, but I ran into some trouble getting the GMER log. When I originally ran GMER, it found rootkit activity so I checked the boxes for "Sections" and "C:\" and hit Scan. Then the window closed and GMER never came up again with a log. I tried to re-run GMER but I get the following error message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."


Also, I do not have direct access to a Windows XP disc...but, I could get one in a week or so when I visit my parents' home.


Your help is much appreciated!!!!!

Thanks in advance,

-Alex


DDS.TXT log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Alex at 19:35:36.93 on Mon 01/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.402 [GMT -6:00]

AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLa...

A:Trojan Horse Backdoor.Generic12.CJBK Help

Hello and welcome to TSF.

ComboFix is needed to remove the malware entries I see. However, AVG incorrectly targets ComboFix's embedded files. ComboFix will not run with AVG installed. Please uninstall AVG before continuing. You can reinstall it, or another antivirus such as Avira or avast!, after we've used ComboFix to clear the infection.

After uninstalling AVG from the Control Panel, also run the AVG remover from their site.

http://www.avg.com/us-en/download-tools

direct link to the AVG Remover:

http://download.avg.com/filedir/util..._2011_1149.exe

You may also use this tool to uninstall AVG:
http://www.appremover.com/appremover/avg/AppRemover.exe

Instructions:
http://www.appremover.com/about/using-appremover.html

Meanwhile, do not surf the net with this machine but use it only to communicate with us.

=====================

Then, please download ComboFix from one of these locations:

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how, please look in here:

How to disable your security applications

Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-in...

Read other 19 answers
RELEVANCY SCORE 41.2

Hi,

I need help removing this virus (Trojan horse BackDoor.Generic12.GOG.dropper
), and as said in the instructions for using ComboFix I require a trained user with this program. Any help would be greatly appreciated!

Thanks,
Ian

A:Trojan horse BackDoor.Generic12.GOG.dropper

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 41.2

Hey guys,

I am experiencing some difficulty removing these Trojan viruses, frankly, I am not sure what it is. Here is my Hijack log, if someone could kindly take a look at my log and perhaps identify the source of the problem, I would greatly appreciate all the help I can get.

Thanks!!
Jeremy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:56 PM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\GameSpy\Comrade\Comrade.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\Common Files\Apple\Mobile ...

A:Help please - Trojan virus causing .DLL errors (Generic12 and BHO)

Hi jstridez

Welcome to Bleeping Computer.

I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

Please do this.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

Thanks
maranatha

Read other 2 answers
RELEVANCY SCORE 41.2

Hi there, I installed a few applications earlier to help find cover art for my iphone and now I'm constantly seeing this 'trojan horse backdoor.generic12.gog.dropper' popping up from AVG every 2 minutes.

I think I've followed the instructions properly, so here is the 'DDS.txt' file and I've attached the 'ark.txt' and the 'Attach.txt' files also.

==========
DDS.txt
==========


DDS (Ver_09-12-01.01) - NTFSx86
Run by Chris at 21:55:14.90 on 16/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.703.209 [GMT 0:00]

AV: AVG Anti-Virus SBS Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Chris\otkoyop.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Win...

A:trojan horse backdoor.generic12.gog.dropper

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please temporarily uninstall Daemon Tools and run the sptd remover, as outlined in our pre-posting topic, and also here

http://www.techsupportforum.com/f50/...ol-431469.h...

Read other 12 answers
RELEVANCY SCORE 41.2

Basically i have this virus and i have no idea where it came from. It was probably my brother and he's just not saying anything. Basically it keeps popping up every two minutes even though i keep healing it. It sounds pretty nasty and i'm worried because i'm not sure if it's a password stealer or what!!! Would be very helpful if you could take me through this and help me get rid of it as soon as possible, i understand if you're busy.
EDIT: After downloading autoruns and using basic knowledge and luck i was able to find, what i think, was the exe file that it seemed to be and deleted it. When i went to the recycle bin to clear the folder it popped up with another recycler virus of some sort but that was healed. Would be great too if somebody could still run through my logs to double check for me.

A:Trojan Horse BackDoor.Generic12.GOG.dropper

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will...

Read other 1 answers
RELEVANCY SCORE 41.2

After having issues connecting to the Internet and terrible performance once finally connected, I notice my AVG has uncovered the trojan, subject above. It is located in my C:\Documents and Settings\HP_Administrator\Local Settings\Temp\9 path. I have followed the directions from a previous thread regarding this issue.

Though I may be able to find a Windows Install disc and/or boot CD, it would take me a while to find them.

See below:

DDS ......

DDS (Ver_09-11-29.01) - NTFSx86
Run by HP_Administrator at 10:09:52.12 on Mon 11/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.199 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\IBM\Common\acsi\bin\jservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\W...

A: Trojan horse BackDoor.Generic12.GOG.dropper

Hello and Welcome to TSF. We need to see all three logs in order to help you.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

RELEVANCY SCORE 41.2

Sorry for having to start a new thread, but for the life of me, can't find any button that allows me to Reply to Post.

In any event, thanks chemist for responding previously. Apparently the zipx files that I thought I had attached weren't allowed. Let's try this again.

--------------------------------------------------------------------------------

After having issues connecting to the Internet and terrible performance once finally connected, I notice my AVG has uncovered the trojan, subject above. It is located in my C:\Documents and Settings\HP_Administrator\Local Settings\Temp\9 path. I have followed the directions from a previous thread regarding this issue.

Though I may be able to find a Windows Install disc and/or boot CD, it would take me a while to find them.

See below:

DDS ......

DDS (Ver_09-11-29.01) - NTFSx86
Run by HP_Administrator at 10:09:52.12 on Mon 11/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.199 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawse...

A: Trojan horse BackDoor.Generic12.GOG.dropper

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

RELEVANCY SCORE 41.2

I opened a file with a trojan horse generic12.eov, and when I restarted I started having problems in my OS. First, when I'm copying multiple JPEG images (more than 10), the copying takes very long and sometimes it hangs. I also experienced this when copying or moving a large rar file (256mb); it just says calculating time... for a long time.

My system feels sluggish, as if there's a background task, and I'm always getting a non-responding message.

When I'm playing on kmplayer, after about 8 mins my video just stops and I can't access task manager, so I need to press the restart button. It happened 2 times.

I scanned my PC with updated AVG Internet Security, free Avira and Malwarebytes. They detected nothing.

I formatted my system drive, installed a new Vista OS and performed a full system scan with AVG. It detected nothing.
But it still takes very long to copy or move files and sometimes it just hangs.

Is this a virus, malware, trojan, etc.?
I hope someone can help me.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:28 PM, on 6/29/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C...

A: can't copy a file - trojan horse generic12

Hello and Welcome to TSF.

If you just formatted, it's doubtful that it's infection related.

You have more than one AntiVirus installed.

As stated in our pre-posting sticky topic...

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:
If you have more than one antivirus software installed, leave only ONE and uninstall the others

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, Avira and AVG. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall

-----------------------------------------------------------------------

If you still need assistance for what you think is a malware related issue....

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
...

RELEVANCY SCORE 41.2

My computer has been slow lately. I ran an antivirus scan and my MASM exes are infected with Trojan Horse Generic12.KDK and 4 Win32/Heur. I need some tips on keeping my computer safer, such as essential security programs and websites, as well as getting my laptop cleaned. I scanned with AVG Free.

Thank you.
 

A: Trojan Horse Generic12.KDK and 4 Win32/Heur

bump
Posted via Mobile Device
 

RELEVANCY SCORE 41.2

As the title says, I am one of the many victims of the backdoor.generic12.gog.dropper trojan, please help me!

Each time I open windows explorer (for instance via my computer) avg says the file is found on my temp folder.

Sometimes it says about "Win32/cryptor" virus, on the explorer.exe about a cvas0.dll or something..

Also, I can't change the view folder option to reveal hidden folders.

Could you tell me what to do step by step?
I have tried everything and this combo thing you say in these threads seem a bit confusing..

I thank you all in advance

PS currently my spyware and antivirus progs i have are:
Windows Defender
AVG free 9
SUPERAntiSpyware 4.33

A: Trojan backdoor.generic12.gog.dropper (herss.exe ?)

Hello and Welcome.

Do NOT attempt to run Combofix without the supervision of one trained in its use.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.
