
Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Q: Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hi Techsupportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue screen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the Windows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\Paul Hancock\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://login.yahoo.com/config/login...ntl=us&.src=ym
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\shared\lib.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Auto EPSON Stylus Photo R220 Series on kitchen] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE /P46 "Auto EPSON Stylus Photo R220 Series on kitchen" /M "Stylus Photo R220" /EF "HKCU"
uRun: [\\kitchen\EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /p40 "\\kitchen\EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [\\kitchen\EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /p40 "\\kitchen\EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
mRun: [Auto EPSON Stylus Photo R220 Series on kitchen] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaia.exe /p46 "auto epson stylus photo r220 series on kitchen" /o15 "\\kitchen\EPSON" /M "Stylus Photo R220"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\paulha~1\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\paul hancock\my documents\Display Toggle.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228509075218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/html - {ad5a722f-053a-4959-a3af-c55da6a52621} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paulha~1\applic~1\mozilla\firefox\profiles\4mjavfmw.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-9-7 16384]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-4 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-8 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-4 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 308064]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-9-7 105472]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2009-9-7 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-9-7 15232]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-10-27 278384]

=============== Created Last 30 ================

2010-06-11 02:20:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-06-04 01:09:11 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-03-09 13:25:10 236 ---ha-w- c:\program files\common files\dx.reg
2009-07-08 01:44:43 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-08 01:44:43 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-08 01:44:43 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:21:41.31 ===============

RELEVANCY SCORE 200

A: Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?

RELEVANCY SCORE 148

Hello I have a recurring trojan showing up with AVG. trojan horse downloader generic9.aebx I have tried to delete it several times to no avail. My computer has been freezing after 10mins or so after boot up, and running really slow. Is it possible that this might be the cause?

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:09 PM, on 1/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Ideazon\ZEngine\Zboard.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Zune\ZuneLauncher.exe
D:\program files\steam ...

A:trojan horse downloader generic9

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 146.4

hello greetings.

I have downloaded and installed this trojan or whatever it is, was supposed to do what it did lol, was supposed to install new themes for my windows xp. my antivirus didn't react so I installed, after reboot a weird sound comes out my computer, something mess with the keyboard after install and keep typing going through dos to the welcome windows to introduce password but this thing is keep typing giving me no chance to delete, the trojan installer is Crack.Windows.7.Theme.for.WindowsXP.45059.exe, description: Trojan horse Downloader.Generic9.AILO is in my documents folder, and shows also another address after click as process name, c:\WINDOWS\explorer.exe .
I'm using my second hd which has op for this cases and I'm doing what I can to fix this,
I found the virus I can delete but the harm to my boot system is what I need to fix, please any help appreciated, I'm working on this and keep an eye here for some help, I think I should find to repair the boot system but it seems is working this is more like a boot bug (start typing a letter for ever from the turn computer on)
my system is p4 2.4 windows xp sp3

thanks in advance.. Nik

RELEVANCY SCORE 145.6

Hi, I have just rebooted my computer and avg is picking up the trojan mentioned in the title, when it is removed there is a second one that comes from the recyclers folder, it is called dropper.Generic.bygt.dropper. The bsre one has just returned from the system volume information folder so I'm kind of worried they are not being cleared properly by avg. Thanks for any help you can give with this.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:35:44.85 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.83 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Progra...

A:Recently rebooted computer finds Trojan horse downloader downloader.generic9.bsre

BUMP please

RELEVANCY SCORE 144.8

AVG detected Trojan horse Downloader.Generic9.CAXD. AVG will remove them and say the computer needs to be restarted but they come back every time I restart

- I deleted all the files from my temp folder.
- I cleared the System Volume Information (SVI) by "Turning off System Restore".
- Then I changed the security setting in SVI folder and I was able to remove it temporarily but when I reboot the system the virus reappears.
- The virus that AVG detects resides in this folder but obviously there is a problem somewhere else too, maybe the master boot record :

"C:\System Volume Information\Microsoft\smss.exe"
"C:\System Volume Information\Microsoft\services.exe"

How do I remove Trojan horse Downloader.Generic9.CAXD?

Help appreciated. Thanks.

A:How do I remove Trojan horse Downloader.Generic9.CAXD

Welcome to TSF :)

You have a pretty serious infection. I will need to know what version of Windows you have. Also, I will need the same Windows installation disc. Let me know.

Thanks

RELEVANCY SCORE 144

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ...

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

RELEVANCY SCORE 131.6

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't (that is until you scanned with their program and it would take control of your computer at the worst of times).

The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried. Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou...

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

RELEVANCY SCORE 131.2

I think my computer is infected. I ran AVG 8.0 free scan and it found the two trojans mentioned in the title. I deleted them. My computer is slow and acting strangely so I installed hijack this and ran it. Can you take a look and see if it is and what can I do next? I want to thank you for your time and efforts and tell you I appreciate it ahead of time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:47 AM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Max Registry Cle...

A:trojan horse downloader zlob.AGAL and trojan horse fake alert.CJ

RELEVANCY SCORE 130.4

Hi, please help!!

My computer is infected with 2 types of trojan horses. Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG.

I updated all my antivirus and antispyware, booted to safe mode and managed to find and remove the trojan horses, but they come back after I boot to normal mode.

My antivirus and antispyware are AVG antivirus, AVG anti-spyware, Spybot, Ad-aware.

here I include my HijackThis logfile.
Logfile of HijackThis v1.99.1
Scan saved at 12:34:37 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C...

A:Infected by Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG

I think my computer is getting worse now. Anybody can help?

Logfile of HijackThis v1.99.1
Scan saved at 2:48:45 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svcho...

RELEVANCY SCORE 130.4

Logfile of HijackThis v1.99.1
Scan saved at 21:38, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware...

A:Infected With Trojan Horse Downloader.generic2.muz And Trojan Horse Downloader.generic3.hxl

Hello what-the? and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

Can you post the log files from, or write down the information about, whatever program is finding these 2 things and where they are being found (like what files and file locations)?

Cheers.

OT

RELEVANCY SCORE 128.8

HELLO, this is my first time posting at your site but I have followed your responses to others while researching software and problems on the google search page. Your answers and instructions have been of great use and help to me.

Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my Avg Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found several items mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections. I have included the report with my HiJack log. I had a problem running a panda scan until I noticed a registry cleaner was blocking me from loading active x program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:23 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\...

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

******************

We are going to dig deeper, and that will require us to run some additional scans.

You will need to use Internet Explorer for this scan. D...

RELEVANCY SCORE 128.8

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~... Read more

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok. We need to download ComboFix.exe. This will give me a better view of the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

RELEVANCY SCORE 128.8

Please help!!

My computer is infected with Trojan Horses. There are 3 of them: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are always in the Temporary Internet Files directory and the windows\system32 directory.

I have AVG, Spybot, Ad-aware, awido antispyware, windows defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use it.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.... Read more

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS

RELEVANCY SCORE 126.4

Hey and thanks in advance for any help.
 
I keep getting a warning message from AVG Antivirus about Trojan Horse Generic17.AMPT. Typically it is a few times a day and I keep clicking Remove. It is starting to get annoying and (I assume) something I should get rid of. I have tried various scans including Symantec, AVG, Spybot, TDSSKiller, Sophos and Avast (maybe even a few others I forgot about), of which none has solved the problem. I am currently actively running Symantec and AVG. So, now I am calling out for some more tech-savvy people for help because it is over my head and I am trying to avoid wiping my hard drive and starting from scratch.
 
The typical message I get from AVG is "Trojan Horse Generic17.AMPT" ...... "c:\users\adam\appdata\local\temp\dwhXXXX.exe" for the XXXX - the end of the extension changes each time. Result "infected". I have already tried to clear my temp data since that is where the file is, but that has done nothing.
 
I am running Windows 7 Ultimate 64 bit with SP1
 
Thanks again

A:Trojan Horse Generic17.AMPT

Hello -
The item you list is the AVG "Generic" version of the infection -
 
Please run these programs to try and flush it out.
 
First -
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: If a security program requests permission to access the Internet, allow it to do so.
 
 
Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
Please Copy and Paste the small log back here
 
Important: Do not reboot your computer until you complete the next step.
 
Now:  Download AdwCleaner by Xplode and save to your Desktop.
• Double click on AdwCleaner.exe to run the tool.
• Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button. (only Once)
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
• NOW : I... Read more

RELEVANCY SCORE 126.4

I fell asleep last night and woke up to see AVG ran a scan and found an infection titled 'Trojan horse Generic17.BICQ'. It has it 3 times in the list too, all from the same file. I try to remove them but it won't let me. I put together my own computer not long ago and have Windows 7 64-bit currently running on it. I've had several minor problems in the past (or present, as I haven't exactly got around to fixing those either). Please, any help would suffice. I appreciate the time and concern for it all too.

A:Trojan horse Generic17.BICQ

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any c... Read more

RELEVANCY SCORE 125.6

OK, I got some viruses/spyware messing around with my system; my AVG keeps finding these viruses:

trojan horse BHO.BDJ , .BDP, .BCD, .BBY
obfustat.plc
trojan horse downloader generic4.fhs

I have already scanned with AVG, AVG Spyware, Ad-Aware.... I'm at a loss as to how to get rid of these things.

Here's my HijackThis log; any help would be appreciated.....

Logfile of HijackThis v1.99.1
Scan saved at 9:53:24 PM, on 9/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ok5wgwugp.exe
C:\Program Files\Microsoft ActiveSync\WCE... Read more

A:trojan horse bho, obfustat.plc, trojan horse downloader generic4.fhs

RELEVANCY SCORE 125.2

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

RELEVANCY SCORE 124.8

PLEASE HELP!!! My PC has a virus that I'm having trouble getting rid of. It started out as a fake alert virus that took control of my system. I seem to be getting on top of things but my AVG antivirus continues to show infected files with "Trojan horse Generic17.BKCS and Trojan horse SpamTool.FYS". I have run Malwarebytes, Spybot. Thanks

The following is my Hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:47:18, on 13/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avge... Read more

RELEVANCY SCORE 124

Hello

My explorer use (both win explorer and internet explorer) is terrorised by an AVG pop up warning about a Trojan.
What do I have to fix in my software and how ?

Thanks in advance and kind regards. JPMaurice

A:Trojan Horse Generic9.xld

Did your scan provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system?

"Generic Trojan" is a heuristic detection and a name provided to possible new variants of malware. AVG uses heuristic detection which incorporates the ability of an anti-virus program to detect new viruses before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. The technique involves inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware. Reducing the detection sensitivity will minimize the risk but then that increases the possibility for new malware to infect your system.

See How AVG Heuristic Analysis Works. Get a second opinion, by submitting the file to jotti's virusscan or virustotal.com. In the "... Read more

RELEVANCY SCORE 124

Hello. AVG picked it up and I'm having a difficult time figuring out how to get rid of it. I'm not sure what it's doing or what it does, but whenever I run a virus scan, it always gets picked up somewhere on my hard drives. AVG can successfully heal or move it to the virus vault, but whenever I run the scan again, it's back in some other place. Does anyone know how to get rid of it? Maybe someone can point me in the right direction?

Thanks!

--------------------------------------
Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:28 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.... Read more

RELEVANCY SCORE 123.6

Hi guys,

The run down:
- my com was assembled by a shop
- windows xp os was loaded by them too
- currently avg is detecting the a/m topic
- apparently antiwpa.dll is meant to bypass the windows protection software
- i have validated my version of windows with the validation tool on the microsoft website
- hijackthis says:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.ex... Read more

A:Trojan horse Generic17.ASAY detected in antiwpa.dll

Copy of the MGADiag.exe diagnostic report:

Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-8QJRW-4MXYX-P86W3
Windows Product Key Hash: +IPgfUP+Tn5xUk3jtQE+tM1sByo=
Windows Product ID: 76487-OEM-2215254-96785
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {4DAA9A97-1C3E-4AC2-BEA5-BAE05A135E35}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.8.31.9
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
D... Read more

RELEVANCY SCORE 123.2

My computer is Windows XP Service Pack 3
I always use Firefox and never use Microsoft explorer.
My computer runs AVG 9.0.830 Free.

On 6/30/10 my computer detected Trojan horse Clicker.AJSF. This was followed immediately afterwards with the detection of Trojan horse Downloader.Agent2.YIZ. This was accompanied by the noise of clicking anywhere from every 10 seconds to every 2 minutes. This went away after a few runs of AVG. Occasionally the volume balance would lower itself to zero. The Trojan horse Clicker.AJSF was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\119889546
C:\Documents and Settings\corboybp\Application Data\Sun\Java\deployment\cache\6.0\4\3c0ae\784-3513414
The Trojan horse Downloader.Agent2.YIZ was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\loader.exe
C:\Documents and Settings\corboybp\Local Settings\Temp\smss.exe

All was quiet until 7/7/10 when Trojan horse Downloader.Agent2.YIZ showed up again; however, no symptoms were notable. It was located in the following places:
C:\System Volume Information\Microsoft\smss.exe
C:\System Volume Information\Microsoft\services.exe

Today the scan discovered Trojan horse Downloader.Agent2.YIZ located in the following locations:
C:\System Volume Information\Microsoft\smss.exe (1064)
C:\System Volume Information\Microsoft\smss.exe Result: object is inaccessible
C:\System Volume Information\Microsoft\servic... Read more

A:Trojan horse Clicker.AJSF "congratulations you won!" Trojan horse Downloader.Agent2.Y

Hi,

Please do the following:

Download Bootkit remover to your desktop
This is a rar file; if you do not have a program to open it, then download and install Peazip
Extract Remover.exe to your desktop
Double click Remover.exe to run it
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Now open a notepad and press Control+V
Post the resultant log here please



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and... Read more

RELEVANCY SCORE 122.8

I made a thread awhile ago and I stopped cause I thought I was getting a CD that would store it but it looks like it's not happening. I wouldn't mind if the same moderator who helped on this (thanks Amateur, I noticed that some pop ups are gone) but if he's too busy I would like help from anyone.

Here's the thread

Need help with trojan horse PSW Generic9 ASRC

I was on safe mode and downloaded the combofix but I had to disarm the avg but I couldn't do it on safe mode so I removed it before I did the combofix scan. When I went online next, I downloaded the free avg anti-virus 2012. I haven't used it for scanning yet. Here's the results from combofix scan.

ComboFix 11-12-13.03 - Amy 13/12/2011 18:27:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.303 [GMT -5:00]
Running from: c:\documents and settings\Amy\My Documents\Downloads\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma In... Read more

A:Re: Needs help with trojan horse PSW generic9 ASRC

Do I download the combofix and windows console thing again?

SystemLook 30.07.11 by jpshortstuff
Log created at 16:55 on 16/12/2011 by Amy
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sy*"
C:\I386\NETBT.SYS --a--c- 157056 bytes [00:32 05/11/2003] [11:00 29/08/2002] D96F3BC5A6E7452B0E3275B560DC8528
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [06:26 06/10/2008] [06:14 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\$NtUninstallKB824105$\netbt.sys -----c- 157056 bytes [00:52 06/02/2004] [11:00 29/08/2002] D96F3BC5A6E7452B0E3275B560DC8528
C:\WINDOWS\ServicePackFiles\i386\netbt.sys -----c- 162816 bytes [06:14 04/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys --a---- 162816 bytes [11:00 29/08/2002] [19:21 13/04/2008] 4D2AE08FD92F61A4A53A4DC1E29EF7EA

-= EOF =-

RELEVANCY SCORE 122.8

AVG Free Anti-Virus found this in the filename SVCLauncher.exe on 11/17/2007 and again today (11-18-2007) in filename A0054356.exe.
I'm currently running a Kaspersky on line scan.

The computer is a Dell Insprion 9400 with WinXp sp2.

Thanks in advance for any and all help.

A:Trojan Horse Generic9.vpa Infection

Where did AVG find A0054356.exe?

It looks like a file normally found in the System Volume Information Folder (SVI) which is a part of System Restore - the feature that allows you to set points in time to roll back your computer to a clean working state. Keep in mind that System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points. When you scan your system with anti-virus or anti-malware tools, you may receive an alert or notification that a virus was found in the System Volume Information folder (System Restore points) but the anti-virus software was unable to remove it. Since the System Volume Information folder is a protected directory, your tools cannot access it to delete these files and they sometimes can reinfect your system if you accidentally use an old restore point.

If that is where AVG found the file, to resolve this, you need to Set a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.

RELEVANCY SCORE 122.8

The alert of this trojan horse infection keeps appearing whenever I try to access my drives through "My Computer". Even though I click on move to vault, this problem persists repeatedly.

I have run AVG, scanned and removed to vault but the problem persists.

I tried to access and delete the filename: C:\WINDOWS\system32\winxp.exe but the file reappears each time I click on C drive in "My Computer" too!

This process name is stated each time the threat is detected
Process name: C\WINDOWS\system32\wscript.exe

I would really appreciate if anyone out there can help me on this. Thanks a million.


========================================================




DDS (Ver_09-10-13.01) - NTFSx86
Run by Charles Kho at 1:19:25.96 on Wed 10/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2568 [GMT 8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGR... Read more

A:HELP! Trojan horse BackDoor.Generic9.MQL

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

You have an autorun worm onboard. These are typically transmitted via USB flash drive, or other USB devices. Please ensure any USB key recently used is inserted in the machi... Read more

RELEVANCY SCORE 122.8

My AVG AntiVirus, when I log on to Windows, insists on popping up some windows with unknown DLLs (in C:\Windows\System32\... ) that are described as Trojan Horse Generic9.AQNO and "Virus Found Lop" ...

In a case, my winlogon.exe terminated and my PC forced to restart. Then again the popping windows.

I scanned my computer with
Spybot Search & Destroy
AVG Antivirus 7.5 (Personal Edition)
Counter Spy

Now I am attaching my HiJackThis log...

Should I be disturbed.....???? Thanx for help [attachment=3673:hijackthis_log.txt]

A:Trojan Horse Generic9.aqno

Anyone!?

RELEVANCY SCORE 122.8

Hello,

I just bought a second-hand computer and the only problem seems to be that a pop-up comes up every few minutes. It says the computer found a threat like these:

C:\WINDOWS\SYSTEMS32\svchost.exe

C:\WINDOWS\Temp\xhohpp\setup.exe

Trojan Horse PSW Generic9 ASRC

I have Avg Free 8.5 anti-virus (that needs to be updated) and Spybot Search & Destroy 1.2 installed but I can't seem to use the spybot and I can't get rid of it either. I tried to delete those but Avg couldn't delete them. I don't have a credit card or have access to anti-virus besides that free Avg. How do I delete those? I'm on the safe mode right now cause I don't know what else to do. I would really appreciate it if someone can help me.

Thanks

A:Need help with trojan horse PSW Generic9 ASRC

Hello and welcome to TSF.

We require a comprehensive set of logs to determine the presence of malware or to answer such questions. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 122.8

Hi there guys, just wondering if anyone knows what the hell kind of trojan this is and how the hell do I go about removing all 8000 of them????
 

RELEVANCY SCORE 122.8

I have been stuck with Trojan Horse Generic9.AQNO since 6:59 AM Friday Morning. I did not feel like allowing it to ruin my weekend so I did not bother with it until this morning. I am stuck. C:WINDOWS\System32\xstwbtzd.dll can not be deleted. Thanks in advance for any help.

A:Trojan Horse Generic9.aqno

Hello and welcome. What application found this and is this an XP system?

Let's do this first.

Download SUPERAntiSpyware, Free Home Version. Save to desktop. DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)

Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPER... Read more


Hello. I have followed the instructions, and am ready to post. I will now describe my problem.

AVG has detected something called "Trojan Horse Generic9.AVRP". The letters after the dot often vary. The location is in system32, and it is always .dll. It seems that AVG detects a fresh batch every time I start up.

Thank you very much in advance for any help you may give me, as I am quite annoyed with this virus. That being said, I am very patient and willing to work through this.

I am posting the following:
1. Hijackthis Log
2. Panda Online Virus Scan Report
3. Main.txt from Deckard's

I seem to have lost the extra.txt file, and after re-running deckard's it was not created a second time.

Thanks again for any help

Sincerely,
James

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:38 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs....

A:Trojan Horse Generic9--detected by AVG

Hello -

I'd prefer to see the first main.txt, along with the extra.txt

They should both be located at C:\Deckard\System Scanner\< a numbered folder >\

Please locate them and post.


I can't seem to get rid of this nasty thing. I have run AVG and it comes up with like 13409 + .exe files so far. It is located in my Windows\Fonts Folder. It seems like I can keep running the antivirus and it keeps finding more. Is there any way of "destroying" this thing?
Here is my Hijackthislog; Hope this helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:23 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\PROGRA~1\INCRED~...

Ok, to start it off I think I have had this since Monday, 1/28/08.
It started out as a Trojan.Vundo, I ran multiple anti-spyware/cleaners. Then I found a program called "VundoFix", it seemed to have worked, but caused 3 .dll run errors on startup. Yesterday AVG found the trojan horse generic9.aibf, it healed it, but found it again this morning.
I don't know what to do anymore.

A:Trojan Horse Generic9.aibf

RunDLL32.exe is a legit Windows file that loads .dll files which too can be legit or malware related. The "Cannot find...", "Could not run..." or "Error loading..." message usually occurs when the .dll file(s) that was set to run at startup has been deleted and it becomes an orphaned registry entry. Windows is trying to load this file(s) but cannot locate it since the file was removed during an anti-virus or anti-malware scan, or the uninstall of a program. However, the associated registry entry remains and is telling Windows to load the file when you boot up.

When Windows loads, it looks for any files associated with registry entries for programs that are set to run at startup. If the file was removed but not the registry entry, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads. To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error...


AVG opening every few min with a new threat! Please help! I've enclosed Hijack File and attached "attach.txt" and "dds.txt".
Please note there was a process highlighted in red - PING - I killed that process to try to stop the threats every few min. I hope that's ok. Didn't think there should be a Ping process going on.

thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:49:19 PM, on 2/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C...

A:AGV says I've caught the Generic9 Trojan Horse


Hi!

I am new to this forum, so please correct me if I somehow "misbehave".

I usually don't surf with the IE, but recently I had to because my Opera wouldn't play some nba.com video footage.

Afterwards my IE displayed two warnings about downloading either PerformanceOptimizer or NeuerSchild (German, NewShield in English) to fix a virus that infected my PC. I didn't download anything, but soon my AVG 7.5 kept popping up reporting a virus called Generic9.AQNO or Virus Lop which are supposed to be trojan horses. I selected "Move to Vault" every time. But now IE windows keep popping up out of thin air telling me to join a browser-game called "Gladiatus", or to download NeuerSchild.

As of now, there are hardly any deficits in performance, though I am still worried about the security of my PC. It is possibly of interest that I run Windows Vista Home Premium.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:01, on 19.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG Antivirus\avgcc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Razer...

A:Trojan Horse Generic9.aqno/virus Lop

Hi,

let us first take care of your internal HD.

Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Regards,
Rosty.


Hi,

Can anyone please help me? I've got a lot of important information on my computer and I haven't backed it up because I'm useless with PC's and didn't know at the time I needed to, now I think it's too late. I have AVG free edition anti virus because my McAfee ran out. It seems to be picking up both Trojan horse Generic9.AKBO & a virus JS/psyme but when it says heal then restart the PC they come straight back?! I've also tried running Ad-aware but no look, these programs all seem to slow the computer down dramatically, is there a reason for this or should I just delete them? I don't know how to list a Hijack this log either.

Thanks Danny
 

A:Trojan horse Generic9.AKBO & JS/psyme

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 


Dear friends,
Whenever I start my computer my AVG anti-virus free edition detects Trojan Horse Generic9.AEUA in C:\WINDOWS\sarc.exe and claims to heal them. But whenever I restart my computer at a later time AVG again detects the same trojan horse in the same system file. This trojan horse however hasn't affected the performance of my computer. Pleaze help me get rid of this!

A:Pleaze help me get rid of Trojan Horse Generic9.AEUA

Please go HERE and carry out the instructions that are posted.

If you cannot complete any of the Steps, simply move on to the next one - remember to let the Analyst know about this when you post your logs.

Do not post your logs back in this thread - follow the guidance in the above link!

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply.


Thanks for help and my problem with Trojan Horse Generic9.AKUT and every time I start my pc my AVG detected this Trojan and ask me Heal it. I did and it keep coming back next restart pc. The file look like 4219413.exe and under c/windows/temp/

Appreciated the help and I'm newbie with all this stuff pls help

I followed the steps I been told!
Scanned with Adware and spybot.
Housecall Anti Virus - scanned too took me 4 hours
McAfee Avert Stinger v2.6.0 [1,144,839 bytes] (4/5/2006) scanned too
I got Window Firewall ON

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:37 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\...

A:Infected With Trojan Horse Generic9.akut

Anyone can help my problem pls ?


Hello, I hope someone out there can help.
 
My mom downloaded a game from Pogo.com today called The Clumsys 2 Butterfly and AVG Antivirus Software picked up the following infection: PSW.Generic9.BSIU.
 
It said it was located in the following location: c:\Games\Pogo\The Clumsys 2 Butterly Effect\theclumsys2.ifn
 
The first thing I did was select "Protect Me" on the AVG software, and it said that it had successfully gotten rid of the infection. I then uninstalled the game and ran a scan with the following programs:
 
--MalwareBytes
--Kaspersky TDSS Killer
--AVG Antivirus
--Super AntiSpyware
 
My Mom's System Is:
 
HP Pavillion P6-2350
Windows 8 64-Bit
 
All of the above programs said that the system was clean.  There isn't much info online about this particular threat...but is there any other program that I can use to make sure that this threat is no longer active?  Any and all suggestions are welcome.  Thanks in advance!
 
ON A SIDE NOTE:  My mom tends to get lots of viruses on her computer and she mostly plays games that are from Pogo.com.  Does anyone know whether or not Pogo makes its users susceptible to malware and viruses?

A:How do I Remove Trojan Horse: PSW.Generic9.BSIU?

Hello Ali_bear,

My name is Cody and I'll be helping you clean up your computer. I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. ...


I had left my computer alone this morning.  Firefox was open to a blank tab but minimized.  When I came back, AVG Free 2014 was reporting a malware infection, claiming that TFC.exe was infected with a Trojan horse Dropper.Generic9.SLV.  I told it to fix the problem which sent the file to the virus vault.
Then I left the house for a while and when I came back, another notice had popped up, saying svchost.exe was infected with the same thing.  Here are the details on that second notice.
 
Trojan horse Dropper.Generic9.SLV
c:\System Volume Information\_restore{AED28984-2886-4F12-A886-B7CDBE4CC936}\RP227\A0036475.exe
Process name: C:\WINDOWS\system32\svchost.exe
 
I told it to isolate the problem, and it is once again in the virus vault.  Basically, I think I have a Trojan Horse Dropper, and I need help in getting rid of it/fixing it.  DDS log to follow, with Attach.txt added as an attachment, as per the Preparation Guide instructions.  Thanks in advance for any help you guys can provide.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Owner at 15:27:21 on 2014-01-30
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2043.1236 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sy...

A:Trojan horse Dropper.Generic9.SLV Infection

Hello starblazers

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa...


This computer has constant popups from AVG AntiVirus. They say: Threat Detected! While opening file: C:\WINDOWS\system32\commdl.dll - Trojan horse Generic9.AHKQ. There are options to ignore, info, heal, and move to vault. When I try to heal it says that to finish the process the computer needs to reboot. However, after I reboot the popups keep coming.

I downloaded the dss scanner, but just as it is about to finish, Windows has an error and asks me whether to send the error to Microsoft or not. So, I do not have a log to post. The computer is running Windows XP SP2, and I did run the Panda Active scan. If you would like that log, let me know. Thanks for your help,

Brandon


Hi there, I am new to this forum! I used AVG and detected just 1 infection:

While opening file: E\\WINDOWS\System32\msimg3.dll
Trojan.horse.Generic9.AATH.

After healing and restarting my pc, it replicates itself whenever I open IE browser.

Here is my HiJackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:41 PM, on 12/25/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS...

A:Can't Remove Replicating Trojan.horse.generic9.aath

Hi Pearce15!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.


Hi, my PC has been acting very strange for a few days and I found with AVG and Ad-Aware about 20 various infected files and malware. Unfortunately, I didn't note all of these but the last I noted were:

Trojan horse BHO.DFZ (file name : cmp638)
Trojan horse generic9.BESJ (file name : ptch)
Virus found lop (mlljj.dll)
...

I cleaned and removed all those I found but my PC doesn't seem like before, it's slower, many pop-ups come with Internet Explorer, maybe keylogging malware is on because some of the characters I write disappear. Maybe the worst is behind me but I'm pretty sure there's again a lot to clean.

Thanks!

Note : I did all the 5 steps suggested on the site.

Panda log file :

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ddcbaxu.dll
Potentially unwanted tool:Application/NirCmd.A ...

A:somes malwares(many pop-ups) and virus (ex:trojan horse BHO.DFZ, generic9.BESJ)

1. Download & save this file to DESKTOP - http://download.bleepingcomputer.com...+/ComboFix.exe

2. Double click to run it

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Symantec Anti-Virus and Spy Sweeper keep appearing stating that the Downloader Trojan Horse or Trojan-Downloader.gen has been quarantined. Symantec rates it very low and Spy Sweeper rates it very high as far as risk level.
I scanned my computer with Spy Hunter, Spy Sweeper, Symantec Anti-Virus (in safe mode) and Trojan Remover, all with the latest definitions. No trojans or other problems found.

If you go to www.artray.com/quarantine, there are three .bmp files there that you can save to your computer that show the quarantined items and names together with the location they keep appearing in, which is c:\winnt\temp

Can someone please help me remove these trojans. I am on a pc running Windows 2000.

Bob
Email is ptaker at gmail dot com
===========================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41 PM, on 3/7/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\...

A:Popup Warning of Quarantine for Downloader Trojan Horse or Trojan-Downloader.gen

Additional Information 3/10/2008 with Deckard's System Scanner
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-10 15:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:25 PM, on 3/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ICV\Binn\sqlservr.exe
C:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\...

DDS (Ver_09-05-14.01) - NTFSx86
Run by gus at 0:50:16.98 on Thu 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\...

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...


Hello guys, Thanks for the help with this.
I get a Norton AV window that pops up all the time with file names like $055C6D52.t$m for example. When I look in the quarantine folder I find Hacktool, Trojan Horse, w32.Spybot.Worm, Trojan.Startpage, Downloader.Lop,Bloodhound.Overpacked, Infostealer.Wowcraft, Backdoor.Graybird as files in quarantine. I would like to eliminate whatever it is that keeps attempting to re-infect my machine.

I'm running Norton and AVG, Spybot, and Windows Defender.
I appreciate any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:45 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\...

A:Hacktool, Trojan Horse, w32.Spybot.Worm, Trojan.Startpage, Downloader., Multiple Infe

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner, as it has been a while since you posted.


Evening...

I realize that this is a strange way of going about this, but I think in the long run it will be easier to understand. Below is an explanation of what was happening with my PC as of a few days ago. At that time I intended to request your help in ensuring I'd succeeded in removing all malware, however, after having performed all your prep scans, everything appeared to be fine, and since my PC was behaving in no way suspiciously, I thought, perhaps, I wouldn't have to bother you after all, unfortunately, that may have changed.

This morning, while removing a couple of unnecessary start up processes via Msconfig, AVG alerted to a virus and then a short time later, to two more, this is what it "healed" and vaulted:

C:WINDOWSsystem32Obfustat.EVN
C:ProgramFilesLogMeInx86
C:ProgramFilesLogMeInx86update3-00-600bakx86

From what I've been able to glean online, I now suspect that this could be a false positive and somehow was brought about by what I was doing at the time...possibly? I haven't yet deleted these three "viruses" from my virus vault, and hesitate to do so if they aren't actually viruses at all. However, please read on...

I originally wrote the following a few days ago, before I ultimately decided I might just be in the clear. Fortunately, I hadn't discarded it yet. I apologize for how long and convoluted this is...

"Hello... Before we begin, I should point out that my comprehension re computer issues is minimal, at best. So, please bear w...

A:Recent Trojan Horse Downloader.generic5.biu (outerinfo, Yazzlesudoku?), Troj_puritysc.bl Type Trojan & (possible) Obfustat...

Hello alassnsane and welcome to BleepingComputer!

Apologies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic.

Thanks,
Johannes
