New2me HP Notebook hlp w/possible virus trojan

Q: New2me HP Notebook hlp w/possible virus trojan

I was given a used HP Notebook and previous user visited a lot of naughty sites. I used sys recovery to reset to factory settings but am afraid there may be a trojan still on the computer. I am a novice so anyone who may help me, please send step by step instructions. Here's the little bit of info that I know to get:

HP 2000 Notebook PC
Windows 7 Home Premium, Service Pack 1
Intel Pentium CPU B970 @ 2.30 GHz 2.30 GHz
RAM 4.00 GB (3.90 GB usable)
Sys type 64-bit Operating System
No Pen or Touch Input avail for this display

I appreciate any and all help!!!

A: New2me HP Notebook hlp w/possible virus trojan

I may have put my post in the wrong area, so sorry. I want to know how to check for viruses or trojans and what else should I check with a new used computer.


I do not have a boot CD/Windows install disc. The computer keeps telling me it was not shut down properly no matter how it's shut down. The person who gave it to me had taken it to Best Buy, was told it had a trojan. Although he did have AVG, he visited a lot of porn sites, and AVG did not pick up any viruses. When I 1st turned it on all of these different windows would open. Mostly windows offering a download to check for viruses, that was before restore to factory settings. I'm afraid it may have the trojan still hiding. Thanks for your help, I hope I got all of the data you need.


A:New2me HP Notebook hlp w/possible virus trojan

Now I keep getting this pop up from gzj.jsopen telling me I need to do an update and download this video player. It comes up frequently offering different downloads, very annoying. I'm afraid I did something wrong. McAfee doesn't say anything about a virus, however, when the different windows come up offering some sort of download I get a huge McAfee msg Alert saying it's not safe.


I have read a few of the "stickys" and don't believe I have found any helpful info. I am in desperate need of a destructive system restore for this computer and cannot find a hidden partition. I press F10 when the HP logo pops up, but the BIOS menu comes up. I can't get a restore menu to come up. Can someone please help me???

A:HP notebook zv6000 [moved from Virus/Trojan/Spyware Help]

Hi -

This seems more OS related than malware removal related, so I've moved your topic to a forum where it should receive the proper attention.

I believe you'd press F11 on bootup for that notebook, or, you should be able to begin a destructive recovery from within Windows.

Click Start, click All Programs, select System Recovery and click PC Recovery.

See if this helps:

http://h10025.www1.hp.com/ewfrf/wc/f...name=c00608578

Others may be able to better assist you should you still need it.


Dear Bleeping Computer,
 
INTRO
 
You folks are wonderful. You have helped me ‘learn computers’ and extended the life of my XP’s and NT’s. Thanks.
 
My queries:
 
I write because I now have acquired - from the original owner – (although I don’t know him, I believe him) this ‘new to me’ laptop computer. It is a Dell Inspiron Windows 7 Premium Home Edition as follows (from ad, but seems correct):
 
DELL Inspiron 1545 Laptop - 15.6" - Windows 7 - Pentium Dual Core CPU
Model PP41L
2.30GHz Pentium Dual Core T4500
3GB RAM (2GB/1GB DDR2)
250GB Storage Hard Drive
15.6" HD Widescreen Display (1366 x 768)
Genuine Windows 7 Home Premium 64-Bit Installation
 
 
In summary, given my limited intended uses, I hope to learn what to dump, what to keep, in hopes of more speed and security.
 
My Main Goals and Concerns
 
I. Speed, especially when online or running a few programs.
 
On my Old Dell XP laptop, (which has most of my still-preferred programs as discussed below), it shows that when no “Applications” are up, running and listed on that first “Applications” tab of task manager, (i.e., it’s waiting for me to start doing something); I have it stripped down to where it lists only 18 to 22 memory-using processes running in the background on the later tabs. (I don’t use it online anymore and only add to it by typing or editing text documents on Word Perfect.)... Read more

A:New2Me Win7 Dell Inspiron laptop Slow & Too much junk?

If I got a 2nd hand laptop, first thing I would do is factory restore it.
 
Then uninstall junkware that comes with it. Then turn off win7 customer experience stuff and remove customer experience stuff from the scheduled tasks.
 
Do all the windows updates, but do not install the new "windows 10 junk" updates, which there's at least a half a dozen of those that you have to hide.
 
Install an antivirus like Avast free.
 
Running 3 or 4 browsers means you have 3 or 4 browsers that can be infected or have problems with. What I would do is, only install firefox, and given your privacy concerns I wouldn't touch chrome if I was you. There's no reason to get Safari, there's (effectively) no reason to use anything other than Firefox.
 
Use DuckDuckGo as your search engine, not Google.
 
Don't install Adobe anything unless you need to. An alternative to reader would be Foxit Reader, but, lately they keep trying to silently install Cloud software, so... they are both garbage as far as I am concerned I guess pick your poison and check all the settings of them every time they install a patch...
 
As an aside, you can disable your wifi network adapter when you are not using the internet (I don't recommend doing that on and off every hour, but I mean if you plan to not use the internet for 2 solid days, might as well not have it connected (given your concerns I mean))
 
You may also be interested in Libre Office, you could potentially cut your depend... Read more


Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more


Referred from here: http://www.bleepingcomputer.com/forums/t/302497/help-needed-trojan-virus-detected/ ~ OB

Hello,

I visited a website two days ago and downloaded an .exe file. When I clicked on the link, the file disappeared and Rogers Online Protection (in Canada by Rogers Communications) notified me of a trojan virus intrusion that was quarantined. I had it deleted in the middle of a full system scanning process while I was online with my infected laptop.

Tried to run Malwarebytes and couldn't update the software. I noticed that although I couldn't access malwarebytes.org, I could run some other websites which told me that the virus was still present in my system. I had started to receive random popups and disconnected my laptop. Please note that I have not gone online from my laptop ever since. I am presently using a clean computer to communicate as well as download installers/updates from this forum.

Another thing to be noted is that I downloaded installers for DDS, Defogger and GMER on my clean computer and transferred to my infected laptop using a USB flash drive. I assume this is a safe procedure as I don't want to risk going online with my infected laptop. I have scanned my USB drive for viruses using Kaspersky Anti-Virus (6.0.2.690) on my clean computer and no threats were detected. I have reformatted the USB drive just to be sure.

Have been following instructions outlined by boopme from Am I infected? What do I do? forum so far and did not face any problems running the ap... Read more

A:Trojan Virus Detected and Quarantined (Virus name:Trojan.Win32.Tdss.axqv)

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


FRST LOG Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01Ran by Ariana (administrator) on ARIANA-PC on 24-01-2015 22:27:02Running from C:\Users\Ariana\DownloadsLoaded Profiles: Ariana (Available profiles: Ariana)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe(Intel® Corporation)... Read more


A:Infected with Trojan virus? Keep seing pop-ups for virus scan alert for Trojan!

Hi & welcome to Bleeping Computer Forums!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

- My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
- Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
- If I don't reply within 24 hours please PM me!
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click the to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will r... Read more


My pc is infected by following viruses:
1) Trojan.Fakeavalert
2) Trojan.Peacomm.D
3) Trojan.Perfcoo
4) Trojan.Pandex
5) Downloader
6) Dialer Trojan
7) Trojan Horse

Please let me know the steps for removal of these threats.
I am attaching a logfile from HijackThis for your reference.


A:Solved: Multiple virus damage (Trojan.fakeavalert, Trojan.Peacomm.D, Trojan.Perfcoo)

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 


Today at CES, Samsung announced the Samsung Notebook 7 Spin (2018) and showed the Notebook 9 and Notebook 9 Pen - new devices powered by Windows 10 that provide you with the tools you need to remain productive in today's digital world.

Let's take a look:

Samsung Notebook 7 Spin (2018)
The Notebook 7 Spin (2018) arrives with the Windows 10 Fall Creators Update to offer modern features that light up touch, inking, 3D, including a 360-degree touchscreen that enables digital drawing, writing and note taking with Windows Ink; an Active Pen (sold separately) for quick and easy note-taking; as well as the power and performance for more efficient multi-tasking.

Other features include:
A 360-Degree Rotating Touchscreen - Provides the flexibility to view content as preferred, whether it be as a tablet or as a traditional PC in landscape mode
Active Pen-enabled (sold separately) - Perfect for attending meetings, conference calls or lectures, the Active Pen lets you create a sketch or jot down notes on the fly with Windows Ink
Secure Fingerprint Log-in - Through simple fingerprint scanning, you can quickly log-in with Windows Hello and keep files secure in your own Privacy Folder
Power and Performance - Powered by Windows 10 and equipped with an Intel i5 processor and 256GB SSD drive that allows for quicker startups and advanced multi-tasking capabilities
Voice Note - Advanced smart recording featuring an integrated far field microphone to capture every det... Read more


My notebook has been affected by FAKEALERT-AQ and McAfee keeps on popping up with this message

***McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: FakeAlert-AQ (Trojan), FakeAlert-AQ (Trojan)
Location: C:\WINDOWS\system32\pphcj6mj0ega7.exe


- it is not letting Panda ActiveScan run, so I have included the DSS scan file as below





A:Notebook effected by trojan FAKEALERT-AQ

bump Please


Hello all,

I have noticed my computer freezing and going to sites (www.abigaildiets.com), some fat loss site I didn't click. So I installed AVG 8.5 and PC Tools Spyware Doctor; they pick up most of the viruses but there were 3 viruses that just won't go away. It detects them, but every time I start up it picks them up again, as if they were never deleted.

The 3 infections are (as detected by AVG Anti-Virus every time I start up):

Virus Identified Packed.Noper
Trojan horse Generic14.ZYF
Trojan horse SpamBot.w

My HJT is as follows:

A:Multiple Trojans and Virus that just Won't go Away(Virus Identified Packed.Noper--Trojan horse Generic14.ZYF--Trojan horse...

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report

Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the sc... Read more


Hello,
As advised I have followed steps 1-5 except that I have been unable to run Panda scan despite multiple attempts, don't know why??
Similarly I cannot find extra text on running HJT. Please advise.






A:Notebook likley effected by VIRTU MONDE trojan

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.


Please download ComboFix
Save to the Desktop <<< Important!!

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.


Hello to everyone! Recently I tried to install an .exe which turned out to be malware. After that, I lost control of my computer: processes closed, error messages and so on. I immediately performed a scan with Avira Antivir and then with Malwarebytes' Antimalware, but after some detections, both programs blocked before the end of the scan. Unfortunately, I was in a tremendous hurry, since the day after (Monday) I had to accomplish an important job. Therefore, I downloaded and executed Combofix as the last resort to save my work. And, I have to say it worked! The day after, I re-ran the scan of Antivir and Malwarebytes, and they fixed many files and registry keys, the majority of them were infected by

- TR/PCK.Katusha.N.3522 (Antivir)
- WORM/Mariofev (Antivir)
- Trojan.Agent (Malwarebytes. This was located in the original .exe files)

However, I'm not sure if I'm free from any infection. Here below is the DDS log, I was not able to produce the GMER report because the scan froze before its ending...

Thank you in advance.

A:Notebook was infected by Trojan.Agent, Katusha, Mariofev (at least)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more


Hello, I'm new to the site and could really use some help.

I keep getting the following pop-up:

"
Security Warning!

Trojan.W32.Looksky detected on your machine. This virus is distributed via the Internet through e-mail and Active-X objects. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security risk (0-5): 5
Recommendations: Click Yes to remove it from your PC immediately.

[Yes] [No] "
On top of that, it redirects me to a preloaded home page not of my choosing when I open Internet Explorer. Also I noticed that 3 new icons (URL shortcuts) were added to my desktop.

My Hijackthis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:02 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard... Read more

A:Trojan.W32.Looksky on a Acer notebook running WinXP

Read other 12 answers
RELEVANCY SCORE 37.6

This is my first post on this site, and I turn to you in desperation!

I'm not sure if I have two problems, or one problem manifesting itself in two different ways, which is why I have combined this post.

I have somehow gained a programme named "Antivirus 2008" which is constantly warning me that I have 688 viruses on my computer. When this initially started, I ran my free copy of AVG. This warned me of the presence of Trojan Horses, but it was unable to remove them. The full version of AVG would, I was assured, sort the problem. In a moment of madness, I then purchased the full AVG8 programme.

On running AVG8 it informed me of the presence of a huge number of trojan horses, and offered to heal them. I accepted that option, and was informed that the trojans had been healed (or maybe it was removed/sent to the vault - to be honest, I'm getting a bit punch drunk now, and I'm not really sure)

Following this, AVG "Resident Shield Alerts" keep popping up every 15-20 seconds warning me of more Trojan horses. When I click "Remove Threats" or "Heal", sometimes I get a warning reply "Some files could not be found." Sometimes I don't. Either way, it doesn't make any difference - the next warning pops up about 20 seconds later. This is true whether I tick the "power user" box, or not.

The exact details given by AVG are :

File Name: C:\WINDOWS\system32\ppchcgq1j0elfv.exe
Threat Name: Troja... Read more

A:Anti Virus/trojan, Anti Virus Xp 2008 / Trojan Horse Downloader.fraudload.p

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list ... Read more

Read other 1 answers
RELEVANCY SCORE 37.6

something called DigiCert has loaded onto my pc and is doing auto searches under what appears to be "bing". It is just under the top line where websites i visit show, there is a lock logo there so when i click on it, it says digicert. From what i can tell, this appears to be a virus and it is not listed in the control panel under uninstall. It is constantly searching every last website i go to, help please??!!

A:notebook 15 virus?

https://www.digicert.com/welcome/who-uses-digicert.htm
https://en.wikipedia.org/wiki/DigiCert

Read other 1 answers
RELEVANCY SCORE 37.2

Hi, I was referred to this site by Fax from Zone Alarm forum, I found these and other viruses and malware with WEB DR and A2.

I had in my computer before I installed Online Armor, A2 and Web DR. These programs, Avast, Zone Alarm PRO, Zone Alarm Forcefield, Adware, Malabyte, Spywareblaster and XofSpye.

DDS (Ver_09-06-26.01) - FAT32x86
Run by Fernando at 14:31:13.40 on Mon 07/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.456 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
SVCHOST.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.... Read more

A:Gen.Trojan.!TK, Virus.Win32.Trojan!TK, Trojan. Generi!TK

Hello, neofito.

My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.

We need to run RSIT
Download random's system information tool (RSIT) by random/random and save it to your desktop.
Double click on RSIT.exe.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
Log.txt
info.txt

Read other 20 answers
RELEVANCY SCORE 37.2

guys, sorry for a weird question,

i want ask, when i lend my friends HDD External, looks like his notebook have virus, then i ask him to format then safely remove, if like that, that virus will infect the HDD External after format? and will infect too clean notebook if i plug-in to clean notebook? his Antivirus is Free Avast, my Anti virus is Kaspersky 2012 Licensed ~ Thanks ...

A:[WTA] Virus Infection from another Notebook

looks like he have many type, even after he format i afraid that virus will infect the HDD External again, if wanna format at my clean notebook, i afraid will infect my clean notebook before format, and after format the virus from my clean notebook will infect the HDD External again ...

Read other 2 answers
RELEVANCY SCORE 37.2

i'm from indonesia, i'm sorry if my english not good . . .
i can understand if i read, but i cant write english with good T_T

Direct to the point, my notebook sometimes suddenly press tab key repeatedly, i tried to fix with scan with antivirus like avast, avg, norton, etc, the virus still not found.

i tried too to reinstall the windows 7, but the virus still tabbing on progress install until the windows install completed.

Looks like the Mr. Tab start to press repeatedly when i start press power button (so the virus work before windows show up)

Please help me mr. or ms...

So thanks for your attention and your help, sorry if my english not good mr. ^^

A:virus tab key on start my notebook

Welcome to the Seven Forums.

Scan your computer with this:
What is Windows Defender Offline?

You may have a bad keyboard.

Read other 9 answers
RELEVANCY SCORE 37.2

My daughter's laptop computer came home with her from college this holiday season, and it's not well. She, being a freshman in a dorm, was not overly careful about the apps she ran from websites, the files she downloaded from Kazaa, the attachments she may have opened, etc. I didn't have the foresight to anticipate the expiration of her antivirus subscription, so her system has been quite unprotected for some time. The immediate symptoms included an overwhelming number of pop-ups, slow performance, mysterious dialog boxes opening up upon startup promoting on-line gambling sites and others that I can't now remember.

Steps I have taken so far include:

Updating and running the latest versions of AdAware, SpyBot search and destroy and Stinger. AdAware identified hundreds of dataminers, spyware incidents and such. All were quarantined successfully.

SpyBot search and destroy found many problems as well and they were dealt with.

I re-subscribed to Norton AntiVirus, updated the files and ran the scan. It found and fixed several worms, trojans and other viruses. It also found a virus that it was not able to address, one called Downloader.MSCache. I followed the instructions on Norton's website about disabling System Restore, and trying to locate the offending files by filename and size, and then processing them with a command that I can't rightly recollect right now, but it did not work. A curious symptom has arisen as I have run the scans associated ... Read more

A:Virus infected notebook..Please help?

Read other 15 answers
RELEVANCY SCORE 36.8

my notebook infected w32\rontokbro.mms virus for the past one month.my sys config,
xp sp2,40gb & i have mcafee antivirus licenced version& i have lavasoft se personal edition & spybot s&d.i cant view folder option under view menu & controlpanel & i cant enter to my regedit.
i can try to solve this issue as follows,
1-i can turn off my system restore
2-login safe and networking mode
3-updates my all antivirus & spy,adware programs
4-run a full system scan
5-remove infected files.
now i can able to view folder option under view menu & folder option,i can able to edit my regedit.but virus infected message comes again & again.my system restore point still turn off.but virus infected msg comes again &again.
in.i can install cc cleaner 138 version,to remove temp files & remove prefetch files also.but virus msg comes again & again.why this happen?
i can install avg vc cleaner,norton fixdisk tool to scan my system.there is no infected msg.i can install symantec security response tool to reset my registry.but i dont know how to use this.i can install symantec security response tool in my desktop only.anybody explain how to use this & how to reset my registry?
plz help me.for the past one month ,i cant use my system.plz help me

A:How To Remove W32\rontokbro Virus On My Notebook?

Hello again and salutations bournurplusher welcome to BC
pls. post your topic appropriately at the corresponding category

Read other 3 answers
RELEVANCY SCORE 36.8

Hi,
I got myself into a big trouble, by clicking on an online video which installed a virus into my computer. From then onward everything got disabled. Run command and all programs tab got disabled. I can't see C drive and also HP recovery drive when I open my computer. I am unable to backup my data as USB stick also is not working. Desktop and task bar blink continuously. I was also not able to save hijack this file. But somehow managed it by using "Downthemall"-a download manager for Firefox. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42: VIRUS ALERT!, on 28/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AUTOSH~2\AS_Service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\L... Read more

Read other answers
RELEVANCY SCORE 36.8

my notebook infected w32\rontokbro.mms virus for the past one month.my sys config,
xp sp2,40gb & i have mcafee antivirus licenced version& i have lavasoft se personal edition & spybot s&d.i cant view folder option under view menu & controlpanel & i cant enter to my regedit.
i can try to solve this issue as follows,
1-i can turn off my system restore
2-login safe and networking mode
3-updates my all antivirus & spy,adware programs
4-run a full system scan
5-remove infected files.
now i can able to view folder option under view menu & folder option,i can able to edit my regedit.but virus infected message comes again & again.my system restore point still turn off.but virus infected msg comes again &again.
in.i can install cc cleaner 138 version,to remove temp files & remove prefetch files also.but virus msg comes again & again.why this happen?
i can install avg vc cleaner,norton fixdisk tool to scan my system.there is no infected msg.i can install symantec security response tool to reset my registry.but i dont know how to use this.i can install symantec security response tool in my desktop only.anybody explain how to use this & how to reset my registry?
plz help me.for the past one month ,i cant use my system.plz help me

A:How To Remove W32 Rontokbro.mms Virus In My Notebook?

Sounds like you are dealing with several issues here.

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

When you have done that, post your log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you h... Read more

Read other 1 answers
RELEVANCY SCORE 36.8

Hello.

First I would like to say hello.

I have read these guidelines

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

For now I need to say, that I didn't do the DDS and GMER logs.

From what I had deep in my memory I assumed, that you will need a ComboFix log and HiJackThis log. I have those ready to post. (Now I know ComboFix is used if everything else fails)

If you would need me to do those DDS and GMER logs. I will gladly do it tomorrow.

So back to my problem.

I'm fixing a computer of my friend. Firstly I scanned his hard drive in my own PC and deleted or disinfected the infected files (I also have a log from Kaspersky). There were couple of Trojans, trojan downloaders and also one Virus.

The next thing I have done is put the HDD back into his PC and boot the OS. Oh, it is Win XP Home SP3 32-bit.

I've browsed the running services via Administrative Tools in Control Panel. I've browsed startup objects with MSConfig, also I've deleted some registry entries (that were suspicious to me).

Internet Explorer seemed to be infected, but it could pretty well be the effect of multiple Toolbars installed for IE. (WinOptimizer toolbar, AVG antivirus toolbar). I managed to uninstall AVG free antivirus 2011 with a uninstall tool from AVG website (Add & Remove Programs entry was corrupt).

Also I uninstalled Kaspersky Internet Security 2011. (I couldn't download instructions from the website, even if the connection was... Read more

A:Virus and Trojan Infections Virus.Win32.Nimnul.a Trojan.Win32.Lebag.agi

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Read other 2 answers
RELEVANCY SCORE 36.4

Topic Title edited to show original Post Title ~KoanYorel

Hi I posted original post on the 6th July and have not had a reply
Thanks for any help that may come my way
Cheers Jo
http://www.bleepingcomputer.com/forums/t/98897/w32-alcra-f-virus-trojan-popper-virus-with-2-downloader-viruss/

I am so sorry for double posting for some reason I can't post in the ' haven't had a reply in 5 days ?'
I have also tried to clean up my computer since the original post so I will put my new HiJack This log in this posting..... hope that isn't a problem.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:22:43 PM, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP... Read more

A:W32 Alcra F. Virus + Trojan Popper Virus With 2 Downloader Virus's,

Welcome to the BleepingComputer HijackThis Logs and Analysis forum magic23

My name is Richie and I'll be helping you to fix your problems.

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.

Read other 9 answers
RELEVANCY SCORE 36.4

I have a notebook with windows 8 that whenever I click on something another window opens with a virus removal tool ad.
I am running Kaspersky that finds nothing, malwarebytes finds 70 things every time and here is my hijack this results.

how do I copy and paste the results from hijackthis?
Thank you

malwarebytes results

Database version: v2013.11.30.06
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Patty :: LAPTOP [administrator]
12/7/2013 10:08:16 AM
mbam-log-2013-12-07 (10-08-16).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 485798
Time elapsed: 1 hour(s), 23 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 7
C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files (x86)\BuzzSearch\BuzzSearchBHO.dll (PUP.Optional.BuzzSearch.A) -> Delete on reboot.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll (PUP.Optional.SafeValet.A) -> Delete on reboot.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll (PUP.Optional.MySear... Read more

Read other answers
RELEVANCY SCORE 36.4

Hi Everyone,

Few days ago my dad opened an email which as you can see delivered all above viruses and trojans. Since then I have been going through the logs and system registry and cleaning all the trojans, I have used Symantec(norton), Ad-aware, Spybot, Xoftspy and few other spyware and adware removal tools, I have gone through step by step removing each and every files explained in Many websites, but the bloody thing keeps coming every time I restart the pc. Oh yes, I have made a bootable cd and removed it from boot sector and memory as well but it didn't help! don't laugh but i was so pissed off, i was about to remove the motherboard battery! haha (joke)

Ok, I'm not too experienced in pc like you all but i do ok, however, I need your help. First of all, the pc is 100 times slower! I get a red desktop with few internet links in it (of course "warning you have spyware, click here to remove it"), I can not remove this desktop because every time i go to remove it, the mouse won't click on any other desktop picture in display properties.

Every time i log into windows (XP Pro SP2), I see about 20 weird .exe files loading in task manager. They are all in system32 directory, i remove them, then they show up with a different name such as QLP.EXE, or KPE.EXE and etc.

The most important effect is that I can not see the desktop files at all! I only have Recycle bin and on the desktop. I tried to search for the directories but they are not there, however, the search result sho... Read more

A:Trojan or Virus, Bloodhound.Packed, Backdoor.Mutny, Trojan.Startpage and Dloader-FC

run Kaspersky as described here
http://forums.subratam.org/index.php?showtopic=3466&hl=bube

then download this attachment, to the desktop, rightclick it & rename it to fix.reg and double click it and say yes to the prompts to merge with the registry then post a new hjt log please

http://forums.techguy.org/attachment.php?attachmentid=53089
 

Read other 1 answers
RELEVANCY SCORE 36

my grandson's pc he has obviously been in -those- websites I have it in my place working on it. I'm looking for help getting this cleaned out please. could someone please help. I have tried ewido, nod32, trojan hunter. I do have hijack at the ready.
 

A:virus / trojan variant of win32/trojan downloader.purity scan

Read other 16 answers
RELEVANCY SCORE 36

A couple of days ago I got a trojan virus on my computer and I have no idea how to remove it. I use avast!antivirus and got the software needed - I think - such as CWShredder, Hijack This v. 1.97.0007 and XoftSpy v. 1,0,0,1. But I don't know how 2 use them! Please give me any advice! THX!
This is my log file if needed.

Logfile of HijackThis v1.97.7
Scan saved at 13:46:45, on 04-04-28
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\MXX.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\COREL\GRAPHICS9\REGISTER\REMIND32.EXE
C:\WINDOWS\TWAIN_32\S6U12BX\WATCH.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/po... Read more

A:Solved: How Do I Remove A Trojan Virus Named Win32 Trojan-gen Off My Computer!!!

Hi Darekk1982

Welcome to TSG!

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL

O4 - HKLM\..\Run: [Konfigurator] C:\WINDOWS\mxx.exe --start

O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

Now find and delete:

The C:\PROGRAM FILES\COMMON FILES\CMEII folder
The C:\Program Files\PrecisionTime folder
The C:\WINDOWS\mxx.exe file
Go here and download Adaware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

Make sure the following settings are made and on -------ON=GREEN

From main window :Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these op... Read more

Read other 2 answers
RELEVANCY SCORE 36

Question sys detected potential hazard trojan spm/lx
I have what I presume is a fake windows security message that tells me to download a probable fake anti-spyware program on my son's computer.

He was watching tv on computer and trying to log on to facebook the sound stopped he got a warning which closed before he could read it. The browser worked, fb worked he minimized the browser and the desktop was blue there was a warning that said he had spyware and had to run a scan and he clicked on the red circle x's thinking that was McAfee and it didn't do anything so he disabled his internet so nothing further would happen.
last thing he downloaded was the movie a night or two before and it ran that night fine. When I checked frostwire was running and I turned it off

He's running Windows Xp and there are two red circular icons with a white X on the taskbar and task manager is greyed out when I right click the taskbar and if I ctrl alt del it's greyed out as well.

This is what pops up:

Attention! System detected a potential hazard (TrojanSPM/LX) on your computer|that may infect executable files. Your private information and PC safety is at risk.|To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
* Windows XP
* McAfee Security Center
I googled the virus and came across a page from this website that said to run malware bytes so I did that and saved the log and did as instructed and it seemed to go away bu... Read more

A:HTML/FakeAV Trojan, Total Security Virus, hazard trojan spm/lx

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 36

I have run continuous spyware terminator and Spybot Search and Destroys and these keep popping up

Worm.Koobface-20
SPR/Tool.HIde.A
Virus.Sality.Y
Trojan.Inject.qyz

System Security 2009 is now for some strange reason on my desktop. I never installed it. It keeps trying to run on my system and tell me to buy it and everything....

In case the file I attached is messed here is the HijackThis report

Please help! This is a crazy issue I have never seen before.

A:Major TROJAN and MALWARE ISSUE!! (Trojan.Inject.qyz, Worm.Koobface, Virus.Sality.Y)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 12 answers
RELEVANCY SCORE 36

About my computer: I use a laptop with mozilla fox as my internet. I used to get pop-ups from internet explorer which I never use. The pop-ups stopped after I removed some threats w/ IObit. Now I get frequent pop-ups and lags from mozilla. I've had this trojan called Trojan.Win32/Vundo for about 2 weeks now.

IObit Security 360 Scan: Yesterday, I downloaded IObit because I needed something that wouldn't freeze/lag during a scan (I normally use comodo but it takes FOREVER and never finishes). So IObit detected about 86 threats and successfully removed them; however, 1 threat couldn't be removed which was Trojan.Win32/Vundo. I got the location which was in c:\windows\system32\yanohide.dll. I tried finding it but it wasn't there. Also, whenever I try to load my security programs I get a message from IObit saying that c:\windows\system32\yanohide.dll wants to connect in order for it to run (I blocked it obviously).

Spybot S&D: I also tried scanning with spybot S&D but it's been lagging lately and Idk why... I had to stop it halfway since it lagged and stopped. So far it detected MyWeb.MyWebSearch (I'm guessing this is the cause of the pop-ups) and virtumonde.dll. I wasn't able to remove any of these because like I said S&D lagged and stopped. So I had to exit out of it myself.

Malwarebytes Scan: Lastly, I tried to run malwarebytes but I kept getting a window that said that a file was missing (I used this bef... Read more

A:Virus/Trojan infections: Trojan.Win32/Vundo, Virtumonde.dll, MyWeb.MyWebSearch, and possibly more (?)

Hello, ViaSarah.

My name is aommaster and I will be helping you with your log.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

We need to run RSIT

Download random's system information tool (RSIT) by random/random and save it to your desktop.
Double click on RSIT.exe.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
Log.txt
info.txt

Read other 54 answers
RELEVANCY SCORE 36

A friend of mine has just bought an Acer Aspire One notebook. I don't know anything about them but he says it runs on Vodafone 3g. He has only just started to use it and has asked me if he would need anti virus for it. He says he gets a prompt every time he switches it on asking if he would like to start a 30 day trial of Vodafone virus protection. Could anyone tell me if this would be advisable, as obviously he would have to purchase after the trial if he still wanted to use it and it might be a pain to remove? The operating system is WINDOWS 7. If somebody with some knowledge could advise what anti virus he should use it would be appreciated. If for example Microsoft security essentials is recommended, what would he need to do to download this? Does he need a code to get Microsoft to allow him to have the Microsoft security essentials for free, or when he downloads from the Microsoft site will it be automatic as it's a genuine Microsoft O.S that he is using? Sorry if this is a bit rambling but I'm a relative newbie and my mate's only had his notebook for a few days.
 

A:Solved: acer aspire one notebook what anti virus to use

Simply download and install it from HERE.
 

Read other 2 answers
RELEVANCY SCORE 36

My wife's Pavilion dv6000 has been running slowly recently. We have regularly run CC Cleaner, Spybot Search and Destroy, Malware bytes. We haven't found anything that stands out as a major problem. I cleaned the log files using CC Cleaner because CC Cleaner seemed to take an inordinate amount of time digging through them.
 
The hard drive shows that it is near maximum capacity but examining the files I can't determine what is filling the hard drive. We have moved all of her photos to a home server. She has a lot of music files, but it doesn't appear to be an unusual amount. Some programs take a long time to boot, others seem to boot immediately. But the same programs sometimes boot at different speeds, so it isn't the same result every time.
 
I don't have enough computer knowledge to determine whether the computer is slow because of the older age of the system or if we have a problem.
 
I would appreciate some help if anyone has the time to spare.
 
Thanks
Tom

A:Older notebook running slowly, trying to determine if it is virus or old age

-Have you tried to defragment hard drives, uninstall unwanted / unneeded programs and disable startup items? You can also check the hard drive for errors with HDTune, just in case you have a bad hard drive.

Read other 9 answers
RELEVANCY SCORE 36

Hey there - i've recently been infected with the Trojan virus. My symantec antivirus 'Auto-Protect Results' window shows up every few minutes with new threats/infections that include: Trojan.Gen, Trojan.Gen.2, Trojan.Zeroaccess.B

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_29
Run by G at 17:10:03 on 2012-08-24
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1097 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program ... Read more

A:Symantec Antivirus detects numerous counts of Trojan.Gen/Trojan.Gen.2/Trojan.Zeroaccess.B Virus Infections

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

Read other 18 answers
RELEVANCY SCORE 36

I've been getting messages from my virus software "symantec version 8.1.0.825" constantly stating that it is finding and quarantining Trojan.FakeAV and Trojan.Vundo viruses when running windows in normal mode. Sometimes the messages come in at more than 1 a second and eventually clean and quarantine fail with a message access denied. Along with this are constant messages stating my computer is infected and to purchase the fake antivirus software. I have disabled system restore and run virus scans in safemode which usually catches a file or two. I have also run trendmicro scans which catches 13 files or so. As soon as I boot up in normal windows they come back very quickly. It also appears that the viruses disable any ability to open a command line, task manager, regedit, msconfig, properties of my computer, launch the system icon from control panel, or launch the firewall window from control panel when running in normal mode. In safe mode I can get the task manager back with a registry edit, but that's about it. I've tried installing malwarebytes through safemode but it will only work for 2 seconds after initial installation and then the window disappears and can't be reopened. I'm here because I have nowhere else to turn short of hitting the computer with the big hammer and just reloading windows. (something I'd like to avoid of course!!!)

DDS log:

DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by Katie at 22:33:22.42 on Wed 10/14/2009
Internet ... Read more

A:Trojan.FakeAV, Trojan.Vundo, Antiviruspro 2010, windows police pro, advanced virus removal

Thanks for all that reviewed my logs. I was able to solve the problem by starting the computer in safemode and installing malwarebytes. The problem was the virus was deleting the malwarebytes program before i could run it. I was able to install and quickly copy the executable file to the desktop before it was deleted. The virus deleted the file out of the program files folder. I added it back in from the desktop and it worked!!! Great program, cleaned everything up!!!

Read other 2 answers
RELEVANCY SCORE 36

Okay, for the past few days I've been having issues with these viruses. I have seen posts here before asking about how to get rid of the same things but since I have those 3 I don't know if there is a better way to do this.

I keep getting random pop ups. I tried downloading VundoFix but it keeps coming back of course. I ran Spybot Search & destroy and the same thing happens.

The Anti-Virus I'm using is Norton AntiVirus Corporate Edition Full version 7.60.926, if that's even necessary. It is up to date and the description it gives me for each one is..

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1\valera[1]
Location: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wed Sep 19 23:37:08 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\CHER4DUR\lkjh[1]
Location: Quarantine
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Wed Sep 19 23:37:10 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\Documents and Settings\s... Read more

A:Virus issues, Downloader, Trojan.Vundo, Trojan Horse

oh god..okay i should probably mention that right now, my antivirus notification is at 89 notifications and counting the same message over

"Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\WINDOWS\system32\byxxutr.dll
Location: C:\WINDOWS\system32
Computer: STARRSCOMPUTER
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Thu Sep 20 00:15:34 2007"

by the time im done with this message its up to 99 notifications total and still counting.
103 now

im trying to delete it but it says the file is busy and im trying to disable anti virus but i cant figure out how
 

Read other 3 answers
RELEVANCY SCORE 36

windows keep popping up, all my security programs can not run, i cannot install windows defender, and the computer is much slower (and constantly stating that spyware has been detected). Below, I have pasted the log and info text file generated from the RSIT program. Thank you for all your help!!!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Narda at 2008-11-29 16:46:41
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (44%) free of 14 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:27 PM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files ... Read more

A:Infected with Trojan.Win32/Trojan-Downloader/not-a-virus.AdWare

Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.

Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open o... Read more

Read other 20 answers
RELEVANCY SCORE 36

I got rid of this virus through spyware doctor and was able to remove 4% of space, but defrag needs 15% to work properly. How do I go in and find where they put all this stuff to use up my C-drive and remove it? I have my defrag logs but they don't tell me where the problems are located. I'm happy to post a new log if someone tells me what they need. Any ideas? I have posted latest defrag log.
Thanks

A:Help with Trojan Downloader.agent.BDBU/Virus gone how to reclaim trojan used ram

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 36

Hi,
My computer has really slowed down ever since I got these viruses. It also crashes randomly and gives me a blue screen. I tried to do a system restore but failed. Bitdefender 2011 keeps on telling me that it's blocking a virus called "Trojan Generic" and also another one called "Trojan Horse" but the box keeps on popping out every 10 seconds or so. I have scanned my computer with HijackThis and will post the results below. I will appreciate any suggestions anyone out there has since I've tried by myself for a week to remove it with programs like Malwarebytes, Spyware Doctor (actually bought it 2 days ago but it did nothing), Bit Defender 2011, AVG 2012, and have failed to remove it. Thank you for your time!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:35:09 PM, on 10/3/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Gabriel DLT\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)... Read more

Read other answers
RELEVANCY SCORE 36

OK HERES MY PROBLEM I HAVE A TROJAN VIRUS ON MY COMPUTER I HAVE NO IDEA OF HOW I GOT THERE. ITS BEEN DETECTED ON MY COMPUTER AND I HAVE BEEN TRYN ALL WEEKEND TO REMOVE IT FROM MY COMPUTER. I REALLY DONT CARE IF I HAVE 2 REMOVE IT MANUALLY OR BY SOFTWARE I REALLY WOULD LIKE 2 REPAIR IT MANUALLY RITE CAUSE I DONT HAVE NE MONEY 2 BUY SOFTWARE 2 FIX IT RITE NOW!!!!! SO IF ANY ONE CAN HELP ME CONTACT ME BY EMAIL AT [email protected]

THANKS 4 THE TIME
 

A:How Do I Remove A Trojan Virus Named Win32 Trojan-gen Off My Computer!!!

Read other 6 answers
RELEVANCY SCORE 36

picked up these bad boys when i was stupid and launched an .exe that i wasn't too sure of in the first place. anyway, nothing i have is getting rid of them. the following is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:19 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windo... Read more

A:Solved: trojan.vundo/trojan horse/downloader virus help.

Read other 14 answers
RELEVANCY SCORE 35.6

My computer was full of viruses. I've been able to rid it of all but 2. These 2 are keeping me from repairing, uninstalling, or reinstalling my symantec antivirus. The only virus scan that I've found that can even detect them is safety.live.com, housecall, malwarebytes, and the trojan scan don't even detect it. Safety.live.com finds it but cannot repair it.

Any suggestions would be GREATLY appreciated!

A:can't get rid of virus no matter what i try....trojan:win32/Sudiet B and trojan: Win NT/tib.gen!

Hello, I have been unable to get back to you but anyway please run these now.

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Now SAS:
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make ... Read more

Read other 14 answers
RELEVANCY SCORE 35.6

anti virus pro 2009 trojan downloader.x trojan and more

Web pages were being redirected. i ran mcafee scan it deleted 20 instances of anti virus pro 2009 trojan. ran again and found a few more plus downloader.x

the web pages are no longer redirected but there are sooo many processes running that i don't think it is clean.

i also ran eusing registry cleaner.

here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:17 PM, on 11/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS... Read more

A:anti virus pro 2009 trojan downloader.x trojan and more

Can anyone help me? please
 

Read other 1 answers
RELEVANCY SCORE 35.6

Hi, you helped me disinfect one of my computers, now I have an even bigger chore with another computer. It is so infected right now. I have found the Trojan Crypt.B and Trojan IRC/backdoor.sdbot.myx viruses on my computer. I tried to follow the instructions for what you are supposed to do before you post a HJT log. Unfortunately my comp won't show me the add/remove programs. I did my updates for what it would let me download and ran all the virus and spyware scans. Hopefully you can help me with this problem.

Here is my HJT

Logfile of HijackThis v1.99.1
Scan saved at 12:01:51 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\HEYWOO~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microso... Read more

A:Trojan Crypt.b and Trojan backdoor virus problems

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.


Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:


Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/p2pnetwork.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html


Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
If it finds any malware, it will offer you a report.
Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

Restart and run a new scan with... Read more

Read other 1 answers