
Recently rebooted computer finds Trojan horse downloader downloader.generic9.bsre

Q: Recently rebooted computer finds Trojan horse downloader downloader.generic9.bsre

Hi, I have just rebooted my computer and AVG is picking up the trojan mentioned in the title. When it is removed there is a second one that comes from the recyclers folder; it is called dropper.Generic.bygt.dropper. The bsre one has just returned from the system volume information folder so I'm kind of worried they are not being cleared properly by AVG. Thanks for any help you can give with this.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:35:44.85 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.83 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\WinZip\WINZIP32.EXE
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mDefault_Search_URL = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
mSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [VTTimer] VTTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [btbb_wcm_McciTrayApp] "c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe"
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link\d-link airplus g+ wireless adapter utility\DWLGTI.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275777123875
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-6 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-6 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-6 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-6 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-6 308064]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\drivers\GPLUS.sys [2010-6-5 283392]

=============== Created Last 30 ================

2010-06-08 17:32:44 0 d-----w- c:\windows\BTV.0001
2010-06-08 13:40:03 0 d--h--w- C:\$AVG
2010-06-08 11:23:46 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
2010-06-07 00:16:31 69632 ----a-w- c:\windows\system32\vuins32.dll
2010-06-07 00:16:31 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2010-06-07 00:16:31 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-06-07 00:07:20 40960 ----a-r- c:\windows\system32\VModes.exe
2010-06-07 00:07:07 52037 ----a-w- c:\windows\system32\VTDispl3.cfg
2010-06-07 00:07:07 35496 ----a-w- c:\windows\system32\VTGama_2.cfg
2010-06-07 00:07:07 33451 ----a-w- c:\windows\system32\VTOvrly2.cfg
2010-06-06 21:23:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-06 21:23:10 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-06 21:23:02 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-06 21:22:52 0 d-----w- c:\windows\system32\drivers\Avg
2010-06-06 21:20:23 0 d-----w- c:\program files\AVG
2010-06-06 21:20:06 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-06-06 17:48:19 0 d-----w- c:\windows\system32\scripting
2010-06-06 17:48:18 0 d-----w- c:\windows\l2schemas
2010-06-06 17:48:17 0 d-----w- c:\windows\system32\en
2010-06-06 17:44:16 0 d-----w- c:\windows\network diagnostic
2010-06-06 17:09:59 1261 ------w- c:\windows\system32\pid.inf
2010-06-06 13:45:18 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-06-06 13:44:22 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-06-06 00:05:47 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-06 00:05:32 0 d-----w- c:\windows\ie8updates
2010-06-06 00:05:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-06 00:05:17 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-06 00:05:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-06 00:05:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-06 00:05:17 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-06 00:05:17 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-06 00:04:13 0 dc-h--w- c:\windows\ie8
2010-06-05 23:56:52 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-05 23:55:52 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-05 23:55:17 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-06-05 23:55:03 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-06-05 23:54:16 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-06-05 23:54:16 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-06-05 23:54:07 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-05 23:51:56 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-06-05 23:50:43 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-06-05 23:50:37 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-06-05 23:48:25 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-06-05 23:48:21 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-06-05 23:48:09 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-06-05 23:47:30 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-06-05 23:47:26 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-06-05 23:44:50 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-06-05 23:44:50 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2010-06-05 23:44:45 25 ----a-w- c:\windows\mixerdef.ini
2010-06-05 23:43:43 0 d-----w- c:\windows\system32\wbem\AutoRecover
2010-06-05 23:33:34 316640 ----a-w- c:\windows\WMSysPr9.prx
2010-06-05 23:32:53 0 d-----w- c:\windows\peernet
2010-06-05 23:32:52 0 d-----w- c:\windows\provisioning
2010-06-05 23:31:13 0 d-----w- c:\windows\ServicePackFiles
2010-06-05 23:26:31 0 d-----w- c:\windows\EHome
2010-06-05 23:21:13 7208 ------w- c:\windows\system32\secupd.sig
2010-06-05 23:21:13 67866 ------w- c:\windows\system32\drivers\netwlan5.img
2010-06-05 23:21:13 4569 ------w- c:\windows\system32\secupd.dat
2010-06-05 23:21:13 11264 ------w- c:\windows\system32\spnpinst.exe
2010-06-05 23:09:30 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-06-05 23:09:16 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2010-06-05 23:09:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-06-05 23:09:15 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2010-06-05 23:09:12 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-06-05 23:09:12 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-06-05 22:38:27 0 d-----w- c:\windows\system32\PreInstall
2010-06-05 22:38:24 0 d--h--w- c:\windows\$hf_mig$
2010-06-05 22:37:47 0 d-----w- c:\windows\system32\bits
2010-06-05 22:37:06 8192 ------w- c:\windows\system32\bitsprx2.dll
2010-06-05 22:37:06 7168 ------w- c:\windows\system32\bitsprx3.dll
2010-06-05 22:37:06 438784 ------w- c:\windows\system32\xpob2res.dll
2010-06-05 22:37:06 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-06-05 22:37:05 354816 ----a-w- c:\windows\system32\winhttp.dll
2010-06-05 22:33:26 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-06-05 22:33:26 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-06-05 22:33:25 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-06-05 22:33:25 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-06-05 22:33:25 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-06-05 22:31:32 13646 ----a-w- c:\windows\system32\wpa.bak
2010-06-05 2220 83024 ----a-w- c:\windows\system32\drivers\FwRad16.bin
2010-06-05 2220 283392 ----a-w- c:\windows\system32\drivers\GPLUS.sys
2010-06-05 2220 0 d-----w- c:\program files\D-Link
2010-06-05 21:35:10 0 d-sh--w- c:\documents and settings\owner\UserData
2010-06-05 21:34:08 65536 ----a-w- c:\windows\system32\YCRWin32.dll
2010-06-05 21:34:04 89088 ----a-w- c:\windows\system32\ATL71.DLL
2010-06-05 21:34:04 84992 ----a-w- c:\windows\system32\ATL70.DLL
2010-06-05 21:34:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-05 21:34:04 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-05 21:34:04 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-06-05 21:33:52 0 d-----w- c:\program files\Yahoo!
2010-06-05 21:33:15 95616 ------w- c:\windows\system32\BTEmailConfig.dll
2010-06-05 21:33:09 0 d-----w- c:\windows\BTV.0000
2010-06-05 21:32:22 0 d-----w- c:\program files\common files\Motive
2010-06-05 21:32:10 0 d-----w- c:\program files\BT Broadband Desktop Help
2010-06-05 21:32:04 0 d-----w- c:\program files\BTHomeHub
2010-06-05 20:52:07 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-06-05 20:52:05 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-06-05 20:51:46 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-06-05 20:51:45 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-06-05 20:51:44 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-06-05 20:51:39 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2010-06-05 20:51:37 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-06-05 20:51:27 0 d-----w- c:\program files\Realtek AC97
2010-06-05 20:51:26 141016 ----a-w- c:\windows\system32\alsndmgr.wav
2010-06-05 20:51:26 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2010-06-05 20:51:24 577536 ----a-w- c:\windows\soundman.exe
2010-06-05 20:51:24 315392 ----a-w- c:\windows\alcupd.exe
2010-06-05 20:51:24 217088 ----a-w- c:\windows\Alcrmv.exe
2010-06-05 20:51:24 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl
2010-06-05 20:51:24 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2010-06-05 20:50:43 0 d-----w- C:\pnp
2010-06-05 20:50:27 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-06-05 20:50:27 0 d-----w- c:\windows\system32\ReinstallBackups
2010-06-05 20:49:36 0 d-----w- c:\documents and settings\owner\WINDOWS
2010-06-05 20:37:52 0 d-----w- c:\windows\Profiles
2010-06-05 20:37:51 0 d-----w- c:\windows\system32\Adobe
2010-06-05 20:37:48 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-05 20:32:12 84644 ----a-w- c:\windows\system32\drivers\FwRad17.bin
2010-06-05 20:32:12 62865 ----a-w- c:\windows\system32\drivers\odysseyIM3.sys
2010-06-05 20:32:12 61440 ----a-w- c:\windows\system32\W32N50.dll
2010-06-05 20:32:12 16292 ----a-w- c:\windows\system32\PCANDIS5.SYS
2010-06-05 18:47:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2010-06-05 18:47:42 0 d-----w- c:\program files\Innovative Solutions
2010-06-04 09:07:15 107908 ----a-w- C:\toolkit_widget.gif
2010-06-04 0949 0 d-----w- c:\program files\DriverGuide DriverScan
2010-06-04 08:19:38 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-04 08:18:30 0 d-----w- c:\program files\ATI Technologies
2010-06-04 08:18:26 0 d-----w- c:\program files\ATI
2010-06-04 08:15:48 0 d-----w- c:\program files\Realtek
2010-06-04 08:15:39 520192 ----a-w- c:\windows\RtlExUpd.dll
2010-06-04 08:15:39 315392 ----a-w- c:\windows\HideWin.exe
2010-06-04 03:22:30 0 d-----w- c:\program files\VideoLAN
2010-06-03 14:25:42 0 d-----w- c:\program files\common files\ODBC
2010-06-03 14:25:37 0 d-----w- c:\program files\common files\SpeechEngines
2010-06-03 14:25:06 0 d-----r- c:\documents and settings\all users\Documents
2010-06-03 13:43:44 0 d-sh--w- c:\documents and settings\all users\DRM
2010-06-03 13:41:59 0 d-----w- c:\program files\common files\MSSoap
2010-06-03 13:40:46 0 d--h--w- c:\program files\WindowsUpdate
2010-06-03 13:40:46 0 d-----w- c:\program files\Online Services
2010-06-03 13:40:37 0 d-----w- c:\program files\Messenger
2010-06-03 13:40:29 0 d-----w- c:\program files\MSN Gaming Zone
2010-06-03 13:39:41 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-06-03 14:05:22 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-20 18:09:14 62865 ----a-w- c:\windows\inf\im\odysseyIM3.sys
2004-08-20 18:09:14 45056 ----a-w- c:\windows\inf\im\imdinst.exe
2004-08-20 18:09:14 12739 ----a-w- c:\windows\inf\im\odNetInstall.dll

============= FINISH: 20:36:08.09 ===============


A: Recently rebooted computer finds Trojan horse downloader downloader.generic9.bsre

BUMP please


Hello, I have a recurring trojan showing up with AVG: trojan horse downloader generic9.aebx. I have tried to delete it several times to no avail. My computer has been freezing after 10mins or so after boot up, and running really slow. Is it possible that this might be the cause?

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:09 PM, on 1/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Ideazon\ZEngine\Zboard.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Zune\ZuneLauncher.exe
D:\program files\steam ...

A:trojan horse downloader generic9

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...


hello greetings.

I have downloaded and installed this trojan or whatever it is, was supposed to do what it did lol, was supposed to install new themes for my Windows XP. My antivirus didn't react so I installed, after reboot a weird sound comes out of my computer, something messes with the keyboard after install and keeps typing going through DOS to the welcome window to introduce password but this thing keeps typing giving me no chance to delete. The trojan installer is Crack.Windows.7.Theme.for.WindowsXP.45059.exe, description: Trojan horse Downloader.Generic9.AILO is in my documents folder, and shows also another address after click as process name, c:\WINDOWS\explorer.exe.
I'm using my second HD which has op for these cases and I'm doing what I can to fix this, I found the virus,
I found the virus I can delete but the harm to my boot system is what I need to fix, please any help appreciated, I'm working on this and keep an eye here for some help, I think I should find to repair the boot system but it seems it is working, this is more like a boot bug (starts typing a letter forever from turning the computer on)
my system is P4 2.4 Windows XP SP3

thanks in advance.. Nik


Hi Techsupportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue screen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the Windows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system...

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?


AVG detected Trojan horse Downloader.Generic9.CAXD. AVG will remove them and say the computer needs to be restarted but they come back every time I restart.

- I deleted all the files from my temp folder.
- I cleared the System Volume Information (SVI) by "Turning off System Restore".
- Then I changed the security setting in SVI folder and I was able to remove it temporarily but when I reboot the system the virus reappears.
- The virus that AVG detects resides in this folder but obviously there is a problem somewhere else too, maybe the master boot record :

"C:\System Volume Information\Microsoft\smss.exe"
"C:\System Volume Information\Microsoft\services.exe"

How do I remove Trojan horse Downloader.Generic9.CAXD?

Help appreciated. Thanks.

A:How do I remove Trojan horse Downloader.Generic9.CAXD

Welcome to TSF :)

You have a pretty serious infection. I will need to know what version of Windows you have. Also, I will need the same Windows installation disc. Let me know.

Thanks


Hi, please help!!

My computer is infected with 2 types of trojan horses: Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG.

I updated all my antivirus and antispyware, booted to safe mode and managed to find and remove the trojan horses, but they come back after I boot to normal mode.

My antivirus and antispyware are AVG antivirus, AVG anti-spyware, Spybot, Ad-aware.

Here I include my HijackThis logfile.
Logfile of HijackThis v1.99.1
Scan saved at 12:34:37 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C...

A:Infected by Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG

I think my computer is getting worse now. Anybody can help?

Logfile of HijackThis v1.99.1
Scan saved at 2:48:45 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svcho...


Logfile of HijackThis v1.99.1
Scan saved at 21:38, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware...

A:Infected With Trojan Horse Downloader.generic2.muz And Trojan Horse Downloader.generic3.hxl

Hello what-the? and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

Can you post the log files from, or write down the information about, whatever program is finding these 2 things and where they are being found (like what files and file locations)?

Cheers.

OT


I appreciate all the help anyone can provide me in cleaning up my computer!

I'm running WinXP SP2 with AVG Anti-Virus. Within AVG's Vault I currently have 22 various Trojan Horse viruses, of three types:

Trojan Horse Clicker.SXT with Path = C:\WINDOWS\system32\23lbM227.dll
Trojan Horse Downloader.Generic8.ENX with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe
Trojan Horse Downloader.Zlob.AGWB with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe

Logfile of random's system information tool 1.04 (written by random/random)
Run by Elliot at 2008-11-28 10:37:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (5%) free of 95 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:06 AM, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG...

A:Infected with Trojan Horse Clicker.SXT, Downloader.Generic8.ENX and Downloader.Zlob.AGWB

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Symantec Anti-Virus and Spy Sweeper keep appearing stating that the Downloader Trojan Horse or Trojan-Downloader.gen has been quarantined. Symantec rates it very low and Spy Sweeper rates it very high as far as risk level.
I scanned my computer with Spy Hunter, Spy Sweeper, Symantec Anti-Virus (in safe mode) and Trojan Remover, all with the latest definitions. No trojans or other problems found.

If you go to www.artray.com/quarantine, there are three .bmp files there that you can save to your computer that show the quarantined items and names together with the location they keep appearing in, which is c:\winnt\temp

Can someone please help me remove these trojans. I am on a pc running Windows 2000.

Bob
Email is ptaker at gmail dot com
===========================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41 PM, on 3/7/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\...

A:Popup Warning of Quarantine for Downloader Trojan Horse or Trojan-Downloader.gen

Additional Information 3/10/2008 with Deckard's System Scanner
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-10 15:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:25 PM, on 3/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ICV\Binn\sqlservr.exe
C:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\... Read more

Read other 2 answers

Hello,

I'm a fairly experienced PC user, but I can't seem to destroy this trojan: Downloader.Generic9.CDFL

I would highly appreciate any help!

AVG comes back with this report:

"Bestand";"Infectie";"Resultaat"
"C:\System Volume Information\Microsoft\smss.exe (1604)";"Trojaans paard Downloader.Generic9.CDFL";""
"C:\System Volume Information\Microsoft\smss.exe";"Trojaans paard Downloader.Generic9.CDFL";"Object is niet toegankelijk."
"C:\System Volume Information\Microsoft\services.exe (932)";"Trojaans paard Downloader.Generic9.CDFL";""
"C:\System Volume Information\Microsoft\services.exe";"Trojaans paard Downloader.Generic9.CDFL";"Object is niet toegankelijk."

"Object is niet toegankelijk." is Dutch for "Object is not accessible", so they are not quarantined or destroyed.

System restore didn't help.

Here's my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:14, on 21/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\System Volume Information\Microsof... Read more

A:Trojan Downloader.Generic9.CDFL

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

* Do not run any other tool until instructed to do so!
* Do not attach logs unless I ask you to.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.
* Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:

* Please download DeFogger to your desktop.
* Double click DeFogger to run the tool.
* The application window will appear
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue
* A 'Finished!' message will appe... Read more

Read other 32 answers
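
The AVG report in the question above shows smss.exe and services.exe running from C:\System Volume Information\Microsoft rather than from system32. As an added example (not part of the original thread and not any tool's own code), this Python script checks the "Running processes" list of a HijackThis log for core Windows process names that run from an unexpected folder; the sample log is constructed from the paths quoted in the post, and the function names are illustrative.

```python
import ntpath
import re

# Core Windows process names and the folder, relative to the Windows root,
# each one legitimately runs from on the 32-bit Windows 2000/XP systems seen
# in these logs. An empty string means the Windows root itself.
EXPECTED_DIR = {
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "spoolsv.exe": "system32",
    "explorer.exe": "",
}

# Windows roots that appear in the logs on this page (XP and 2000).
WINDOWS_ROOTS = (r"c:\windows", r"c:\winnt")

# Constructed sample: header and paths follow the post above, the O2 entry
# and the AVG service line are filler to exercise the parser.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:14, on 21/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\System Volume Information\Microsoft\smss.exe
C:\System Volume Information\Microsoft\services.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\... Read more

O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\svchost.exe
"""


def running_processes(log_text):
    """Return the complete paths listed under 'Running processes:'."""
    paths = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if not in_section:
            continue
        # The first numbered entry (R0, O2, F2, ...) ends the process list.
        if re.match(r"^[A-Z]\d+ - ", line):
            break
        # Skip paths cut off by the forum ("..."): the file name is unknown.
        if "..." in line:
            continue
        if re.match(r"^[A-Za-z]:\\", line):
            paths.append(line)
    return paths


def find_masquerades(paths):
    """Return paths whose file name is a core Windows process name but whose
    folder is not the one that process normally runs from."""
    findings = []
    for path in paths:
        folder, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected is None:
            continue  # not a name this check knows about
        allowed = {
            ntpath.normpath(ntpath.join(root, expected))
            for root in WINDOWS_ROOTS
        }
        if ntpath.normpath(folder).lower() not in allowed:
            findings.append(path)
    return findings


if __name__ == "__main__":
    for hit in find_masquerades(running_processes(SAMPLE_LOG)):
        print("system process name in unexpected folder:", hit)
```

A hit is a lead for a helper to follow up, not a verdict: the check only compares names and folders and says nothing about files that hide under other names.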

At the beginning of August, I logged on to my computer to find it had become very slow, so I tried to go to the 'task manager' to see which program was the cause. But then this message came up telling me 'task manager has been disabled by your administrator.' The only problem is I am the user on my computer and there is no other user except me, so I ran a full scan of my computer using 'AVG Anti-virus free' and it found two viruses and deleted them. I restarted my computer but the problem persisted, and after hours of trying to find out, I opened 'AVG Anti-virus', clicked 'history', then clicked on 'resident Shield detection', and I found that my computer was infected by 'Trojan horse downloader agent KZK' and the anti-virus didn't or couldn't delete it or move it to the virus vault.
After that I decided to 'restore my computer to a couple of months ago', and this worked, but when I restarted the computer and tried to go to the 'task manager' I got the same message as before.

After this, I restarted my computer and went to 'Safe mode' (before that I updated my anti-virus), and here I was confronted with a screen asking which user I wanted to be, the problem being I am the only user. After realizing this was the reason I couldn't use Task Manager, I decided to continue and selected the administrator user, and after that I did a full scan and it found one infection and deleted or healed it. After this I tried my hand at deleting every file that is relat... Read more

A:Trojan horse downloader KZK has taken over my computer

As the above logs are from AVG, I am moving this topic from the specialized HiJack This forum to the Am I Infected forum. I am also deleting your previous topic on the same issue.

==>PLEASE DO NOT NOW POST OTHER LOGS<== unless a log is specifically requested.

Read other 25 answers

Hi,

I think I may have a virus. I used LimeWire to download an mp3; it downloaded, and when I clicked on it iTunes opened, then the song never played.
I then used AVG 8 to scan the MP3 and it picked up trojan horse downloader.wimad.E and put it in the virus vault, and I deleted it from there. My computer is running fine so far. Just want to know if there is anything else I can do.

Thanks Beau

A:trojan horse downloader.wimad.E is it still on my computer

When an anti-virus or security program quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive". If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be bad, you can delete it at any time.

Let's do a scan with another effective program.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounte... Read more

Read other 5 answers

My computer is telling me that I have a Trojan horse Downloader3.NPE and that I also have a virus host

I have AVG Free Edition - Control Center and I dont think it is doing anything about this Trojan so I think i need some help to clean my computer out
 

A:computer is telling me i have a trojan horse Downloader

Read other 7 answers

So, today my free comcast mcafee security says I have a problem. Spyware, and a trojan horse downloader agent apuf. It completely made mcafee unusable. I then proceeded to try to do a system restore but the trojan seems to have shut that down also (unable to restore at all). I uninstalled mcaffee, and then installed AVG and ran a bunch of other stuff (spybot, combofix, ccleaner, hijackthis, superantispy, malwarebytes etc.) All of which are now inoperable due to whatever is affecting my computer. I luckily don't use my computer for anything other than internet browsing (I also had to delete IE due to issues with it not allowing me to access any sign in pages) but I have no recovery disk (company I bought the computer from is sending me a new one-unfortunately it will be a while before it gets here). Not sure what to do or if there is anything I can do. I have the RSI report if that helps. Any suggestions, I am at a loss.

A:Trojan horse downloader? Not so computer savvy gal needs help.

After running all that stuff with any viewing of logs. We cannot be sure where you are at. Some of the tools you have run may have caused more problems. What operating system do you have? I suggest one of two things here. A full format and reinstall or post your HiJack log here: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Read other 1 answers

Hi,
I could really use an experts help.

My computer is using Windows XP professional version 2002 Service Pack 3 and prior to having virus problems it also dual booted with Windows 7.
This has been a long drawn-out affair, but initially while I was running XP, my AVG virus scanner version 9.0 indicated that I had contacted a root-kit virus. I tried to remove it with directions from the internet and ended up having to use the Windows XP installation disk to repair my Master Boot Record. As a result, I can no longer boot into Windows 7.
I have resigned myself to using Win XP at this point, but I cannot seem to shake numerous viruses, even after running the Malware Bytes' Anti-Malware in safe mode. When I ran MBAM in safe mode, it tells me that there are no infections, but as soon as I go into the regular Win XP mode, the AVG 9.0 indicates that I have: Trojan horse Downloader.Generic.10.HNN and that the Object is inaccessible when I try to remove all unhealed infections.

My iexplorer browser has also been hijacked and I experience redirected websites.

Is there any help short of reinstalling everything?

Thanks in advance.

Dave H.

A:Computer Infected with Trojan horse Downloader.Generic10.hnn - among other things

Hello,

Scanning with MBAM in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, it loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails. If you installed MBAM in safe mode, you should reinstall it.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
* Close browsers before scanning.
* Scan for tracking cookies.
* Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to en... Read more

Read other 11 answers

My computer has been hijacked for almost a week now. Symptoms include popup ads, severely lagged computer, and a hijacking that has been resistant to the standard cleaning procedures.

I've tried using the following: Ad Aware 2007 (updated virus package), Spybot (updated package), Panda Security (online), Norton Antivirus corporate (updated virus package), Hijack This! v1.99.1. My friend even tried going into my Hijack this log file and removing some suspicious line items. Still, the computer is not clean.

To see a doc file which basically has screen grabs of the results of the above virus scanners, please go here: http://files-upload.com/411341/viruslogs.doc.html. I've also tried attaching it to this post. It shows you the viruses and trojans etc that HAVE been found, if not quarantined or deleted. I am running a 3 year old Averatec laptop.

Hijack This log below:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:15 PM, on 8/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Pro... Read more

A:Hijacked Computer - Winantivirus, Vundu, R?ndll.exe, Downloader, Trojan Horse

Welcome to the BleepingComputer HijackThis Logs and Analysis forum johnldd. My name is Richie and I'll be helping you to fix your problems.

Please download VundoFix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the "Scan for Vundo" button.
* Once it's done scanning, click the "Remove Vundo" button.
* You will receive a prompt asking if you want to remove the files, click "YES".
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click "OK".
* Post the contents of C:\vundofix.txt into your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

------------------------------------------------------------

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
* Close any open browsers.
* Double click on combofix.exe and follow the prompts.
* When it's finished it will produce a log.
* Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.

Read other 12 answers

A few days ago, I downloaded and installed Hotspot Shield, because I liked the idea of a VPN and wanted to try it out. I read up on VPNs and saw that I would be part of a 'network' when using it. I wasn't sure how or whether that would open me up to any security risks, but obviously that didn't stop me.

I am pretty sure I was connected to the 'net via the VPN when MSE flashed into action and told me it had blocked a severe threat and I remember seeing a warning about JAVA. I immediately exited whatever web page I was on and also exited the VPN. Since MSE said it blocked it, I wasn't too worried.

Fast forward 24 to 48 hours (I forget which), and I started a deep scan, then went to sleep. The next morning, when I looked in the 'history' section of MSE, it said it had "removed" three files, all of which were 'SEVERE' threats, and one of them was a Trojan Downloader that could execute code remotely (I looked that sucker up). Great!

Anyway, here are the file names:

Exploit:Java/CVE-2010-0842.AN
Exploit:Java/CVE-2008-5353.AAC
TrojanDownloader:Java/OpenConnection/OI

So I do not know what, if anything, I need to do from here. MSE says they are 'removed'. I have not deleted those files from the history section of MSE just yet because I wanted to know more about them, and also wanted to post the names here.

Here's what I have done so far: I looked up the file names, and saw something about the exploits needing older versions of ... Read more

A:MSE Finds Trojan Downloader & JAVA Exploits

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

Read other 19 answers

Computer acting slow and files seem to be changing. Panda picked out these files but will not delete, and other virus scans like bitdefender did not even find the files. Please let me know which files should be removed from my computer thanks

Adware detected: Adware/ActiveSearch
Adware detected: Adware/ActiveSearch
Adware detected: Adware/Zenosearch
Adware detected: Adware/Mirar
Virus detected: Trj/Downloader.OFN
Adware detected: Adware/Zenosearch

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:46 AM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files... Read more

A:Trojan Downloader That Panda Finds But Does Not Delete

Welcome to the BleepingComputer HijackThis Logs and Analysis forum nonmiannoiare23. My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

-------------------------------------------------

Please download Combofix and save to your... Read more

Read other 2 answers

I think my computer is infected. I ran AVG 8.0 free scan and it found the two trojans mentioned in the title. I deleted them. My computer is slow and acting strangely so I installed hijack this and ran it. Can you take a look and see if it is and what can I do next? I want to thank you for your time and efforts and tell you I appreciate it ahead of time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:47 AM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Max Registry Cle... Read more

A:trojan horse downloader zlob.AGAL and trojan horse fake alert.CJ

Read other 15 answers

HELLO, this is my first time posting at your site but I have followed your responses to others while researching software and problems on the Google search page. Your answers and instructions have been of great use and help to me.

Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my AVG Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found several items, mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections.

I have included the report with my HiJack log. I had a problem running a Panda scan until I noticed a registry cleaner was blocking me from loading the ActiveX program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:23 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\... Read more

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
* Download the latest version of Java Runtime Environment (JRE) 6u2.
* Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
* Click the "Download" button to the right.
* Check the box that says: "Accept License Agreement".
* The page will refresh.
* Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.

Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6

* Check any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

******************

We are going to dig deeper, and that will require us to run some additional scans.
You will need to use Internet Explorer for this scan. D... Read more

Read other 5 answers

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~... Read more

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


OK. We need to download ComboFix.exe. This will give me a better view of the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Read other 1 answers

ok, i got some viruses/spyware messing around with my system, my avg keeps finding these virus

trojan horse BHO.BDJ , .BDP, .BCD, .BBY
obfustat.plc
trojan horse downloader generic4.fhs

i have already scanned with avg, avg spyware, adaware.... im at a loss of how to get rid of these things.

heres my hijackthis log any help would be appreciated.....

Logfile of HijackThis v1.99.1
Scan saved at 9:53:24 PM, on 9/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ok5wgwugp.exe
C:\Program Files\Microsoft ActiveSync\WCE... Read more

A:trojan horse bho, obfustat.plc, trojan horse downloader generic4.fhs

Read other 16 answers

Hi,

We are visiting my parents-in-law and my daughter used their computer to visit a site called MangaReader.net where apparently she infected their computer with 2 trojans - according to AVG which they have installed on their computer (latest updates installed). Here are the specs and other information:

Computer: Dell Inspiron 530
Processor: Intel Core2 CPU 4400 @ 2.00GHz
RAM: 1 GB
OS: Windows Vista Home Premium SP2

Trojans found by AVG
Downloader.Generic11.CILH
PSW.Generic9.JJT

In order to run the programs dds and gmer, I had to go to safe mode. I could not do anything on the administrator or other profiles. I hope this does not make a difference in the information provided by the scans.
============
dds.txt
.
DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Nita at 13:02:08 on 2011-08-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.568 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe ... Read more

A:PSW.Generic9.JJT & Downloader.Generic11.CILH

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
When finished, it will produce a report for you.
.
Please include the following... Read more

Read other 5 answers

I ran the AVG virus scan because my computer has been acting weird. I ran it during the night and it was closed this morning, i can access the report but it does not list what to do or give me a option to do something with it. What do I do?
 

A:Trojan horse Downloader HELP!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:04:58 AM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\... Read more

Read other 1 answers

Hi, I seem to have picked up the trojan swizzor. This is my hijack log:

Logfile of HijackThis v1.98.2
Scan saved at 15:21:04, on 10/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\EXITFO~1\SETTINGSKNOB.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BT Yahoo! Internet\DialBTYahoo.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32... Read more

A:Trojan horse downloader

Hey phiz, welcome to BC.
Upgrade your AVG to the newest version and get the latest updates.
Do a full scan.
Please download a-squared:
http://www.emsisoft.com/en/software/free/
The program is free, but you will need to register.
Let it scan and remove all trojans.
Then reboot and post a new log.

Read other 8 answers

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:05, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunes... Read more

A:Need help getting rid of Trojan Horse downloader

Read other 7 answers

Logfile of HijackThis v1.98.2
Scan saved at 12:31:08 PM, on 10/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
c:\Program Files\Common Files\fh.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program F... Read more

A:trojan horse downloader?

Hi frankpv15

Welcome to TSG!

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread". It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.
 

Read other 3 answers

have a trojan horse downloader .zlod.azvf in the core svchost.exe {1464}

Read other answers

Please help me to remove this virus Avg does not help with this.


Please Hijack This Log
Logfile of HijackThis v1.97.7
Scan saved at 6:46:40 PM, on 4/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wapisu.exe
C:\Program Files\Common Files\WSOC Weather Wizard\TotalWX.exe
C:\Program Files\IE Sniffer\IESniffer.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Arlene\My Documents\My Downloads\avg free edition\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_1... Read more

A:Trojan Horse Downloader

First let me ask if you know what this is?:

O4 - HKCU\..\Run: [IE Sniffer] C:\Program Files\IE Sniffer\IESniffer.exe
 

Read other 1 answers

Hey, I just joined this so I'm not 100% sure I know what I'm doing on here, but... I ran my AVG and it wouldn't delete the THD that I had. It was Trojan Horse Downloader.Winshow.S and it said it was in settings/woody/appdata/sysko/smiesh.dll, if you could help me out at all. I've got the hijack this log too. Thanks

Logfile of HijackThis v1.97.7
Scan saved at 12:30:49 PM, on 3/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\PSD Tools\blengine.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Kazaa\kazaa.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Woody\Desktop\hijackthis1977\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#10213
O2 - BHO: Clear Search - {00000000-0000-0000-0000-00... Read more

A:Trojan Horse Downloader

Read other 9 answers

Trying to fix family laptop which appears to have a trojan. AVG repeatedly reports finding trojan horse downloader.generic8.anhq. Multiple threats then found by avg which appear to be random letter sequences for an .exe file which is located on C:\ (example is ttmxc or CaFg). There are also txt files and ms-dos applications created in same location. Firewall is also repeatedly disabled but can't seem to find way to keep it activated.

Running AVG, MBAM, SuperAntiSpyware and SpyBot finds issues but fixing via these doesn't stop the problem from reappearing when I next access internet connection and process starts over again. Have tried running in safe mode to fix with above programmes but issue always returns.

Now lost and would appreciate some help. Have removed torrent software and any cracked software I could find but let me know if anything else needs to be done in this area.

DDS as below:


DDS (Ver_09-05-14.01) - FAT32x86
Run by Jason at 18:28:05.86 on 15/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.494.156 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C... Read more

A:can't get rid of trojan horse downloader

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 10 answers

Norton sees it as C:\Windows\systems32\ymya2.dll. I tried Symantec's advice including disable restore and going into registry which it is not there, I even tried deleting file which the computer won't allow me to do. livioflores-ga is helping me and told me to run hijack and post it here I think. This is my first time but it seems like a great forum.

Logfile of HijackThis v1.99.0
Scan saved at 8:17:39 PM, on 1/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe... Read more

A:Downloader trojan horse

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.naupoint.com/toolbar/ie.html
O2 - BHO: No description - {88CC91DE-5930-45AD-9E04-6B1233609FEA} - C:\WINDOWS\system32\oljF2F5.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB
O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - http://naupoint.com/toolbar/installer/iEBINST2.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://G:\Content\include\msSecUcd.cab

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\system32\oljF2F5.dll

Reboot your computer to go back to normal mode and post a new log.

Read other 1 answers

I am working on my parents laptop. It has been getting popups for malware. I ran AVG on it in safe mode and it moved the trojan to the vault. The filenames that are affected are TMPE7.tmp, TMPF4.tmp, lsass.exe, Aoo59182.exe and A0055634.exe.
I ran the Hijacker tool and I have the logs. Can you help?

A:Trojan Horse Downloader.14.m

How is the computer running. The malware was moved to the vault.
Did you get a virus name and a by chance a full path to it?
Is this an Xp SP2 machine?

Read other 5 answers

need help with finding a way to remove this trojan horse downloader

Logfile of HijackThis v1.99.1
Scan saved at 5:30:21 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C... Read more

A:Trojan Horse Downloader ?

Hi and welcome to BC. If you are not being helped elsewhere and still need help, please post a fresh HijackThis log and I'll be happy to help you.

Read other 2 answers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:27 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgcc .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - ... Read more

A:Trojan Horse Downloader.14.m

Hello bthomerson,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers

Hello everyone, This weekend my av\malware programs found the following. Is there a bigger problem with my comp? I seem to be getting a lot of trojans in the last 3-6 months. I do all of my banking on the comp. I will call bank and change all p\w's. Thanks for the help. Joe mc

Avg found- Trojan horse downloader presario.A C:\WINDOWS\system32\msCMT srvc.exe (file size 160kb) Avg this file to the virus vault.

-squared Free - Version 3.1
Last update: 3/15/2008 11:47:43 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 3/15/2008 11:50:49 PM

c:\windows\system32\fonts detected: Trace.Directory.IamBigBrother
c:\program files\pcsecurityshield detected: Trace.Directory.Privacy Defender 3.0
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\477jmz03.default\cookies.txt:35 detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\477jmz03.default\cookies.txt:41 detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Application Data\Mozilla\... Read more

A:Trojan Horse Downloader

I assume that since you have AVG, that you are using Windows XP? Please only run this tool if you are.

Download SDfix setup onto your desktop.
Run the installer. Leave the install location at your system root.
After the install, boot into Safe Mode.
Click your Start Menu. Click Run. Type in c:\sdfix\runthis.bat. Hit OK.
The prompt window will open. Type Y and hit Enter.
Wait for the scan to finish. You will be prompted to restart. Press any key to do so. Allow Sdfix to boot the computer into normal boot. At reboot, the prompt window will pop up, along with a log shortly after. Copy the contents of the log back in your next reply.

Read other 7 answers

Please help

I ran an AVG scan yesterday and it came up with a 2 viruses. One found today and one found yesterday.
They are both called trojan horse downloader.generic7.POR and AVG moved them to the virus vault.
It says they are unable to be healed.
Please, please help me. I don't know what to do.

A:Please Help. Trojan Horse Downloader

Hello and welcome. Is this an XP system?

Download Atribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop. DO NOT run yet.

Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)

Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed D... Read more

Read other 1 answers

Hi there,

Hope I'm posting in the right place. My computer has acquired Trojan Horse Downloader. Generic 4. XJE somehow, and while I have run AVG and it seems to heal it, the browser still is taken over every minute or so. I saw this thread elsewhere, but I also read not to use the instructions given for that computer as it could harm mine. My computer is brand new.....please help! It is a Dell Dimension E521 with Vista.

Thanks so much
Chere Oldhoff

Mod Edit: removed email address for security reasons.
 

A:Trojan Horse Downloader

Hi Chere7, welcome to TSG.

Browse through some of the other security threads and follow the instructions to download, install and run HIJACK THIS....then post a scan log.
 

Read other 1 answers

Hello,
My last message didn't have a title.
I think I have 2 trojan downloaders as were detected by AVG Free without deleting it.

When I search on Google something related to spyware or trojan, it's redirected to
http://64.111.196.162/click.php?c=9d...a2c46f4001&r=1


This is the HijackThis Log.

------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:16:38 a.m., on 08/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Xcalibur\system\programs\CFRDBService.exe
C:\Xcalibur\system\programs\FinAutoLogOff.exe
C:\XCalibur\system\programs\finSS_Server.exe
C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe
C:\Archivos de programa\Network Associates\VirusScan\Mcshield.exe
C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe
C:\Archivos de programa\Microsoft SQL Server\MSSQL$AVAILSUITE\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE
C:\Archivos de programa\Network Associa... Read more

Read other answers

I need some help with getting rid of the Trojan Downloader....Please help

I tried to fix with AVG, but it wouldn't heal

Thanks for your help!!!

Logfile of HijackThis v1.97.6
Scan saved at 5:51:38 PM, on 17/02/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Carolyn\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explore... Read more

A:Trojan Horse Downloader

Read other 16 answers

I had a friend download AVG last evening and when she ran thru the test it came back with a Trojan Horse Downloader Q down C. It read that it was unable to fix the problem.
I haven't been able to find anything about it so I have come to you fine people for help again.
I am in Kansas and she lives in Texas. She has Win98 and that is all I know right now.
Please help.
Thank you in advance..........
 

A:Trojan Horse Downloader Q down C

You can try this if there are no other suggestions?
http://www.majorgeeks.com/download903.html
But she should go ahead and post a "HiJack" This Log.
http://www.majorgeeks.com/download3155.html
 

Read other 2 answers

Can someone tell me how to get rid of Trojan Horse Downloader.VB.3. AF. I've run AVG and Adware.

Can someone take a look at my Hijack This log? Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 1:35:00 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\S3tray2.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connect... Read more

A:Trojan Horse Downloader.VB.3. AF

What is the location of the infected file?
 

Read other 3 answers

Well, I got a file through MSN called Myalbuum2007, and now I keep getting messages from AVG saying Threat detected!, and when I choose to heal them, it says that they are healed successfully, but they keep coming back.
I looked around in some other threads and followed some of the tips, for example I downloaded SuperAntiSpy and some other things, but they don't seem to work, so I thought I'd start from the beginning and post my HJT here, so here it is. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 13:19:45, on 2007-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program\Grisoft\AVG7\avgamsvr.exe
C:\Program\Grisoft\AVG7\avgupsvc.exe
C:\Program\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\STOPzilla!\STOPzilla.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explore... Read more

A:MSN trojan horse downloader

Read other 7 answers

Computer is running very slow or not at all when browsing the web. AVG Anti-Virus tells me that I have a Trojan Horse Downloader but it is not removing/healing it. Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:10 PM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files... Read more

A: Trojan Horse Downloader

Hello and Welcome. You may want to move HJT.exe into its own folder by following the instructions in this link so that it can function properly.

============================================

We'll need to disable real time scanners so that they won't interfere with the fix.

Windows Defender

To disable Windows Defender:
Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender

Spysweeper

Open Spysweeper and click on Options over to the left, then > program options > Uncheck "load at windows startup". Over to the left click "shields" and uncheck all there. Uncheck "home page shield". Uncheck "automatically restore default without notification".

Once your log is clean you can re-enable them.

============================================

Close all open Explorer windows and browsers/email, etc.
Run HijackThis
Click on the Scan button and when complete
Put a check beside all of the items listed below
Click on the "Fix Checked" button
When completed, close the application.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E1D87815-C8F6-C004-A4AF-E0CB299C0890} - C:\WINDOWS\system32\onfpx.dll (file missing)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O15 - Tr...


I have a trojan horse virus on my laptop that is wreaking havoc. Anytime I go to a new page on the internet or click on a desktop icon my AVG alerts me of infected files. My CPU is always at 100% even when I am doing nothing on my computer and it would only happen once in a while at first and now some websites restrict my access. I get all kinds of pop-ups and it takes forever for my computer to do anything. Every time I am alerted by AVG, which is now constantly, it says "threat name: trojan horse clicker .OPM" and/or "Trojan horse downloader .delf.12.an". It gives the filename too but those are entirely too long to post. I am running a Fujitsu C series laptop with XP and Internet Explorer. I have a free version of AVG antivirus software and I have HijackThis, but I don't know what to do with it. If you could help me, I would be forever grateful.
 


I have Windows XP Home, how do I get rid of this trojan? Also have java/byte verify virus, how do I get rid of this one also? Thank you, ceb
 

A: trojan horse downloader as!
