Over 1 million tech questions and answers.

Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

Q: Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

My son's Windows 7 computer has two trojan horse infections that were detected by AVG, but AVG was unable to quarantine or remove them
Trojan 1.PNG 72.1KB
8 downloads
Trojan 2.PNG 55.63KB
8 downloads. He has known about the infection for some time, but has continued to use the computer. I first became aware of the situation when he asked for help when, on boot up, he got a message "missing operating system." We were able to boot from the recovery disk, but now the infection remains and the system runs extremely slowly. We were able to download and run DDS; however, it does not create the dds.txt file, but only the attach.txt file. We ran it several times, and sometimes it creates the attach.txt file (version attached called attach2.txt
Attach2.txt 811bytes
4 downloads) and a couple of times it created a version which includes restore points (version attached called attach3.txt
Attach3.txt 1.02KB
3 downloads).
 
Internet connection on the computer has been intermittent. It was connected earlier this morning, long enough to download and run DDS and email the attach.txt files to me (I'm doing this post from my uninfected computer). Right now the infected computer is "not connected - no connection available." It should connect to the same wireless network in our home that my uninfected computer is connected to.  ****UPDATE**** The internet connection is working now...the wireless switch had been inadvertently switched off.
 
The AVG firewall is enabled on the computer. I'm not sure what to do from this point. Thank you!

RELEVANCY SCORE 200
Preferred Solution: Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

Here are some more files that might help you. They are AVG Resident Shield results.
AVG Resident Shield results 1.png 812.84KB
3 downloads There are three more screen shots to this report, but it won't let me upload any more.

Read other 47 answers
RELEVANCY SCORE 149.2

Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 137.6

Just so you know, I'm not allowed to download anything. My dad might think it would blow the computer up. I use AVG Free, it came with the computer that was donated to us, due to us being broke.

BTW: I am a limited user

Read other answers
RELEVANCY SCORE 137.6

Hey guys, Im new to this forum so hopefully Im doing this right. I run Windows XP and am using Internet Explorer. A few weeks ago I started having problems with my computer. The background has now turned black and has a Red "Warning" sound that is blinking. It also says "Dangerous Spyware, Many viruses were found on your computer such as: Trojan Horse, Passcapture, etc. I was advised to download AVG and run it, which I did. It found a bunch of threats and I thought it had removed them? My computer has now gone back to teh original desktop background, but now I cant access my Internet (I use it wirelessly) and every time I reboot my comp a screen pops up back on startup that says "Threat Detected. File Name: C:WINDOWS/system32/userinit.exe Threat Name: Trojan Horse Downloader.Generic8.PEI Detected on Open"

My problem now is I cant access the internet to download any virus removal programs. I appreciate any help or info you could offer, thank you so much! Please let me know if I left any info off. Thanks!

A:Am I Infected? Trojan Horse Downloader.Generic8.PEI?

Any ideas guys? I appreciate your help.

Read other 3 answers
RELEVANCY SCORE 132

I have been struggling with this for a couple of days now. Some kind of malware(?) that keeps warning me that I have a virus and need to buy their anitvirus software. I have use Adaware, SmitFraudFix, Vundofix, CCleaner, and Ewido which seemed to find and clear a bunch of stuff. I thought I had got rid of it, but it keeps coming back. I seem to have gotten rid of some of it though as I'm not getting the "warning" messages all the time. My AVG keeps telling me I have a trojan (Trojan horse Dropper Agent.BTI and Trojan horse Pakes.U) but can't seem to fix it. I have no idea what to do!! Please help!

A:malware Trojan horse Pakes.U/Trojan horse Dropper Agent.BTI

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\ewido.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Di... Read more

Read other 17 answers
RELEVANCY SCORE 131.2

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't.(that is until you scanned with their program and it would take control of your computer at the worst of times.) The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG 's only option was to ignore it, but I still wasnt worried.Everytime I blocked at redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was to late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error(0x8000ffff). It wou... Read more

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 13 answers
RELEVANCY SCORE 127.2

Hi... Before I go into more detail I wanted to let you know my issue was originally posted here asking for help with this problem and they after many attempts at removal recommended I come here. Here is the link: Trojan Horse Generic8.yaf (c:\windows\system32\compstu.dll), This will not go away no matter WHAT I do!!!Here's a summary of where I started and where I am now:I am utilizing AVG antivirus as my main AV. I also am currently running Spyware Terminator as well as occasionally running the AVG rootkit program. The problem is that AVG keeps locating a virus and lists the following: OBJECT: C:\Windows\System32\compstu.dll RESULT: Trojan horse Generic8.YAF STATUS: Infected. I downloaded MBAM and utilized it. This did clean out the "house" however, it did not see the compstu.dll and as a matter of fact I don't even recall having seen it scan the file as I observed the entire process. The file ALWAYS comes back. The AVG error that pops up is "Threat Detected! While opening file: C:\Windows\system32\compstu.dll Trojan horse Generic8.YAF.The file has also been identified as Trojan. Download-Gen/N_BHO by another of my programs. Since my original post, SAS, ATF, and SDFix have been downloaded and utilized according to the instructions I had received from Chewy and others. Many of the logs would come up clean one time and then dirty the next with various registy entries, and of course the ever prese... Read more

A:Trojan Horse Generic8.yaf/ Trojan Downlad-gen/n_bho (c:\windows\system32\compstu.dll)

Hello Spunky3174 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, delete your current version and download the la... Read more

Read other 13 answers
RELEVANCY SCORE 126.8

Hello ya'll, I am running Windows 7 and have been affected with a Trojan Horse Dropper and no matter what i've done I can't get rid of it. Can someone please help. AVG found Trojan Horse Dropper.Generic_c.MMI in windows\system32\services.exe

A:Help! Infected with Trojan Horse Dropper and can't get rid of it

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 11 answers
RELEVANCY SCORE 126.8

Hi All,
I ran my AVG and it found Trojan Horse Dropper.Generic2. BANC in the C:\System Volume Information

Avg quarantined the infected file but keeps coming back. Has anybody any removal ideas?

A:Infected Trojan Horse Dropper

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 125.6

3 days ago AVG antivirus notified me that threats were detected by Trojan horse dropper.generic_c.MMI. All files were moved to vault and deleted however alerts continue to pop up. I downloaded MBAM which also found threats and removed them but they just reappear after reboot. Now MBAM only finds Trojan horse dropper BCMiner, however AVG continually alerts about c.MMI. Computer is significantly slower with all processes and I am often redirected now w frequent pop ups when using Firefox.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Home at 21:09:56 on 2012-07-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2435 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k ... Read more

A:Infected with Trojan horse dropper.generic_c.MMI

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 22 answers
RELEVANCY SCORE 125.6

When I started my computer I received a message saying "The NTVDM CPU has encountered an illegal instruction. CS 0000 IP: e7e7 OP: 33 3c 37 75 32" Click cancel to terminate. I then looked this up and ran an avg scan which found the above file along with Trojan horse Small.AU, Trojan horse Agent_r.IE and Trojan horse SHeur2.SCQ. I deleted them then restarted my computer only to find the same thing happen and the same files on the virus scan. I ran HijackThis and then DSS as recommended by this site. Here is the DSS log:DDS (Ver_09-02-01.01) - NTFSx86 Run by Bulman at 19:45:16.96 on 25/02/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.91 [GMT 0:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exeC:\Program Files\Bonjour\mDNSResponder.exesvchost.exeC:&... Read more

A:Infected with Trojan Horse Dropper.Generic_c.APK

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

Read other 2 answers
RELEVANCY SCORE 125.6

A colleague downloaded it and after he realized he have virus on office PC he started some of virus removal tools i think it is supertrojan removal. So i need now hlp with removal.
DDS (Ver_10-11-27.01) - NTFSx86
Run by APSWTOMO at 15:16:43,10 on uto 30.11.2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.2075 [GMT 1:00]

AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

D:\PROGRA~1\AVG\AVG10\avgchsvx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\AVG\AVG10\avgtray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
D:\Program Files\AVG\AVG10\avgfws.exe
D:\Program Files\AVG\AVG10\avgwdsvc.exe
D:\W... Read more

A:Infected Trojan horse dropper.generic2.fan

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

Read other 3 answers
RELEVANCY SCORE 125.6

Hi, I'm having great difficulty with a Trojan horse. It infected my PC 3 days ago and AVG apparently dealt with it, yet my machine is now running considerably slower and i continually get DC'd from net and World of War craft. In addition to this my machine is crashing and i now only have 6G of free space on my HD. When it crashes i get a fast blue screen followed by a black screen and a beep as it reboots. I know doubt have been lazy in my PC maintenance in general and a good clean out is probably in order, but right now i cant even finish the GMER scan with out it crashing. If anyone can help it would be most appreciated - here is the DDS info and attached file also. I'm not real techno minded - so detailed replies are probably necessary If you need further information please ask.Again, my PC crashes before i can complete the GMER scan, hence it is not attached. I have tried for 3 hours to finish this scan to no avail.JeffDDS (Ver_10-03-17.01) - NTFSx86 Run by Jeff at 11:16:31.86 on Tue 05/10/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3071.2112 [GMT 8:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k Wudf... Read more

A:Infected with Trojan horse Dropper.Generic2BCVR

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 125.6

Yesterday, my computer was somehow infected with a Trojan horse Dropper. The exact name it gives me is Trojan Horse Dropper.Generic_c.MMI. It seems to affect my system.exe file so AVG won't touch it and Malware Bytes doesn't even see any threats when I run it. I think it came from an adobe update. (I'm assuming it was fake, but looked totally legit.) I am typically pretty savvy with the malware and viruses and am pretty good at keeping them off my machine or getting rid of any that do make it in. This one has me stumped though.

I do see that someone else posted this same topic but I felt I should post my own because our computers are different and may not require an identical fix. I read that I should not post any logs until I am asked to do so which is why there are none with this post. Thanks in advance for any help!

EDIT: I see that you guys want this log in the initial post-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:51:15 PM, on 8/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Users\Mike\Downl... Read more

A:Computer infected with Trojan horse Dropper

Read other 12 answers
RELEVANCY SCORE 125.6

I am running Windows 7 Home Premium SP1 on a Dell XPS L511Z. I keep getting pop-ups from AVG Resident Shield Alert that say
"Threat Detected!
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI (More info)
Detected on open."
The only option given is "Ignore the threat," and then occasionally it will go to another screen that says "Multiple threat detection." It will then list multiple Trojan horse infections with the option "Remove all unhealed." However, clicking on this does not remove the problem at all. I have run AVG Free, SUPERAntiSpyware Free, Malwarebytes Anti-Malware, and ESET Online Scanner. Even though they have detected the Trojans (with the exception of SUPERAntiSpyware) and said that they removed them, the pop-ups from AVG still persist. I don't know what other steps to take. Thanks.

A:Infected with Trojan horse Dropper.Generic_c.MMI ?

Welcome GastlyKazooDropper.Generic_c.MMI has the ability to download many other malwares, backdoor Trojans or worms so you should change all passwords when done.Lets run a few tools and look at the logs please.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.>>>>Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click on Change Parameters Put a check in the box of Detect TDLFS file system Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk wit... Read more

Read other 6 answers
RELEVANCY SCORE 125.6

Hello everyone,I was directed here from the "Am I infected? What do I do?" forum, because my issue required advance tools to resolve. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic461505.html ~ OB My issue involves a virus that infected my computer through a fake Adobe Flash Player update, which was detected by my anti-virus program, AVG Anti-Virus Free 2012. I posted the following description:Hello everyone,I am having an issue with an apparent trojan horse virus detected by my antivirus program, AVG Anti-Virus Free 2012. The problem started earlier today, and seems to have occured after I installed a suddenly appearing update for Adobe Flash Player, which I ignorantly accepted. Since then, each time I start up my computer, the desktop icons are rearranged to the left as though the arrangement has been reset, and I have been getting the following warning from AVG Resident Shield frequently:File name: c:\Windows\System32\services.exeThreat name: Trojan horse Dropper.Generic_c.MMIProcess name: C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (changed, see below)Process-ID: 3068 (changed, see below)It should be noted that the process name and -ID were different at first, but after searching Google for a while, I found a recommendation of installing AVG PC Tuneup, which would supposedly solve the issue with the desktop icons. However, after installing and using the program, the warning from AVG Reisdent... Read more

A:Infected with Trojan horse Dropper.Generic_c.MMI

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 19 answers
RELEVANCY SCORE 125.6

Hello!Over the past few days I have been having computer troubles (since the 15th).I have found numerous amount of trojans on my system since the 15th, yet I have no idea how I would of been infected.Some of my problems include:On a google search page, when I click a link, it randomly redirects me to a random advertisement webistePrograms randomly closeDownloads download fast, then suddenly slow up (flash games)Cannot access Windows Update page AT ALLI have AVG Anti-Virus on my computer which notified me of this problem; and notified me it has - it pops up every 10 mins with a trojan warningWhen i click Heal virus, it says the file location is inaccessibleMy specs:HP Pavillion dv9000Windows XP Media MoSystem Edition 2005 SP3AMD Turion 64 x2 Mobile 1.61 GHz1.96 GB RAMI noticed the security advisory that came out on the 10th and it kinda worries me that this has happened to me all of a sudden.http://s881.photobucket.com/albums/ac19/2big2fit/?action=view?t=untitled.jpghttp://s881.photobucket.com/albums/ac19/2b...pg&newest=1

A:Infected with Trojan Horse Dropper.Generic2.UHE

Try this:1. Download McAfee Stinger from here. This is a stand-alone executable file, so the easiest thing to do is just save it to the desktop.2. Download Malwarebytes Anti-Malware from here. Install it and update it once installed, but don't run a scan yet. It works very similarly to other anti-virus software.3. Download SuperAntiSpyware from here. Same drill as above: install, update, but don't scan yet.4. Update AVG manually, just to be sure it has the latest definitions.5. Reboot and restart in Safe Mode.6. Run McAfee Stinger first. This program is designed to catch infections that can disable or cripple other virus scanning software.7. Run AVG8. Run SuperAntiSpyware9. Run Malwarebytes Anti-MalwareBe sure to run the full scans for SuperAntiSpyware and Malwarebytes, not quick scans. If any of the programs detect a problem, quarantine the detected entries and move on to the next program.Once you've gone through all the scans once, reboot, update everything (except Stinger) and start over at step 5. Don't skip steps!If everything comes back clean the second time through you should be all set. If not, come back and let us know.

Read other 1 answers
RELEVANCY SCORE 125.6

Hi, boopme redirected me here after having me run the following scans: MiniToolBox, TDSSKiller, SUPERAntiSpyware Free, and ESET Online Scan. Boopme determined that the rootkit is protected. Below is my original post to the "Am I Infected?" forum. I am attaching the DDS text log. I did not run GMER since I am on a 64 bit system.

"I am running Windows 7 Home Premium SP1 on a Dell XPS L511Z. I keep getting pop-ups from AVG Resident Shield Alert that say
"Threat Detected!
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI (More info)
Detected on open."
The only option given is "Ignore the threat," and then occasionally it will go to another screen that says "Multiple threat detection." It will then list multiple Trojan horse infections with the option "Remove all unhealed." However, clicking on this does not remove the problem at all. I have run AVG Free, SUPERAntiSpyware Free, Malwarebytes Anti-Malware, and ESET Online Scanner. Even though they have detected the Trojans (with the exception of SUPERAntiSpyware) and said that they removed them, the pop-ups from AVG still persist."
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Barbossa at 18:51:58 on 2012-08-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3297 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-... Read more

A:Infected with Trojan horse Dropper.Generic_c.MMI

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 15 answers
RELEVANCY SCORE 125.6

Hello,

I have been infected with Trojan horse Dropper.Generic_c.MMI, file name: c:\Windows\System32\services.exe

My computer has SEVERELY slowed down. Could you please assist me.

I have downloaded MalWare Bytes but it seems it is unable to resolve the issue.

Thank you.

A:Infected with Trojan horse Dropper.Generic_c.MMI

Greetings And Welcome To The Forums!!My name is Gringo and I'll be glad to help you with your malware problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 23 answers
RELEVANCY SCORE 125.6

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:31:36, on 09/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Free Download Manager\fdm.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\BillingExplorer Ver 4.43 DeskPro 4.0\billing16.exeC:\Documents and Settings\Server\Desktop\HiJackThis\HijackThis.exeR0 - HKCU\So... Read more

A:Infected With Trojan-horse Dropper Agent Git

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
I apologise for the delay you have experienced, but as you may have noticed our HijackThis Team is very busy at the moment.
If you still require assistance, please reply with a new HijackThis log, then we'll get started.
Thanks,
Charles

Read other 2 answers
RELEVANCY SCORE 124.8

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 124.4

Hi,

I recently got a recurring message from my AVG9 that C:/Windows/System32/services.exe has been infected with a Trojan. The only option I am given is to "Ignore", presumably because it's a system file and cannot be removed. I am competent enough with a computer but this is my first virus so hopefully someone can help me.

There are no initial "symptoms". Windows is working fine, computer isn't shutting down, Hard drive isn't deleting itself but the problem is there and I'd like to get rid of it ASAP. Here are the log files requested:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:07:05, on 02/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
C:\Users\Conor\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Conor\AppData\Local\Akamai\netsession_win.exe
C:\Users\Conor\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Nero\Nero 11\Nero Ba... Read more

A:Services.exe infected with Trojan Horse Dropper.Generic_c.MMI

Read other 16 answers
RELEVANCY SCORE 124.4

DDS (Ver_09-07-30.01) - NTFSx86
Run by conrad at 16:34:48.67 on Mon 08/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3007.2349 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Anti-virus Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\OpenOffice... Read more

A:Infected with trojan horse dropper.generic.avjt

hi Naphtali,

Sorry for delay, no shortage of posters. Your log is several days old, if you still need help with malware reply to my post.

Read other 1 answers
RELEVANCY SCORE 124.4

Hi wonder if someone could help me, recently got infected with nasty malware bundle and I have removed most of it using the likes of Spybot, Malware byte etc. But I have an infected services.exe file that I cannot seem to get cleaned up. Hijack this log file listed below. AVG is reporting the infection is caused by
"";"C:\Windows\System32\services.exe";"Trojan horse Dropper.Generic_c.MMI";"Object is white-listed (critical/system file that should not be removed)"
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:39:23, on 22/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Microsoft\RATTV3\RATT.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray... Read more

Read other answers
RELEVANCY SCORE 124.4

AVG keeps telling me that I am infected and I have tried everything to clean it (Malwarebytes,ESET, AVG Scan, etc...). The message is as follows: "Object name";"C:\Windows\System32\services.exe", "Detection name";"Trojan horse Dropper.Generic_c.MMI", "Object type";"file", "SDK Type";"Core", "Result";"Object is white-listed (critical/system file that should not be removed)". The symptoms I have are as follows:

1. AVG Warning every hour or so
2. redirect problems when clicking search results in Google using FireFox
3. Can't open Gmail using Google Chrome
4. tabs are occasionally opened in FireFox with make money pages
5. can't enable Windows Firewall

Other than that my computer is working normally.

Results of DDS aree as follows:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by stnewton at 16:03:59 on 2012-07-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.5039 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)... Read more

A:Infected with services.exe Trojan horse Dropper.Generic_c.MMI

Hello and welcome to Bleeping Computer! I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.----------Step 1----------------I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
Note: Do not choose Cure or Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually ... Read more

Read other 18 answers
RELEVANCY SCORE 124.4

Hello, all.

I am sending this on behalf of a friend who's on the internet and too far away for me to deal with the machine directly.

Her machine has been infected by malware. AVG reports an infection with Dropper.Generic.BHHB, and says that there are infected svchost.exe files in c:\windows\temp\xxxx.tmp, where xxxx changes. It seems to be happening a lot, and more frequently after a reboot.

Moreover, when she attempts to restart the machine in safe mode, the machine gives the BSOD.

I have attached the Attach.txt file.

Any help would be very greatly appreciated.

Here is the DDS.txt file she was gracious enough to send (username obscured):
DDS (Ver_09-12-01.01) - NTFSx86
Run by abcdef at 17:53:02,56 on 03.12.2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1033.18.1014.226 [GMT -8:00]

AV: System Defender *On-access scanning enabled* (Updated) {08D58008-3BA2-4027-B635-9F8DF2407650}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: System Defender *enabled* {A7B555AD-ECFD-40A1-9C7C-4F0FB2D523C4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\... Read more

A:Infected with Dropper.Generic.BHHB Trojan Horse

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Read other 2 answers
RELEVANCY SCORE 124.4

I seemed to have picked up some Malware from where, I have no idea & its affecting my startup files to the extent that my PC is not only slow but necessary startup programs are prevented from running by AVG 9.0.830 DDS Log below - GMER and the second DDS logs are attachedPlease help - Much appreciatedDDS (Ver_10-03-17.01) - NTFSx86 Run by Aslam at 22:53:18.93 on 10/07/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.296 [GMT 2:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\DStv ON DEMAND Desktop\DCBin\DCService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSR... Read more

A:Infected with Trojan Horse Generic18.ENE & Dropper.Generic2.RVQ

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 5 answers
RELEVANCY SCORE 124.4

Recently I got infected with one of the many malwares out there, I think it was called Antispyware <something> (couldn't find it in the list here on the forums at the time). I managed to get rid of that with a little bit of work, and removed some trojans using MBAM. I run ZoneAlarm and AVG free 8.5.437.Unfortunately, there are still trojans resident in a lot of system files, that AVG can't remove. In addition (or as a result, maybe), I get random website popups that I never got before. All the other symptoms are there as well, such as very slow startup and very slow operation in general (which was not the case before the infection).Here's my DDS log (GMER and the second DDS logs are attached). Thanks for helping!DDS (Ver_10-03-17.01) - NTFSx86 Run by Adri at 11:02:40,73 on 2010-06-13Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2046.1447 [GMT 2:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Drivers\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Drivers\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:... Read more

A:Infected with Trojan horse Generic18.ENE and Dropper.Generic2.RUA

GreetingsOne or more of the identified infections is a Backdoor Trojan. - TDSS rootkitThis could allow hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:... Read more

Read other 10 answers
RELEVANCY SCORE 124.4

A system file on my computer called userinit.exe is infected with a trojan horse and I am not able to delete it as it is a system file. When I turn my computer on, AVG pops up with an alert saying it has found 2 trojans in C:/WINDOWS/System32/Userinit.exe but they cannot be deleted. Each time I scan with Anti Malwarebytes, it appears to have more and more trojans that AVG has not picked up. I have run several different antivirus softwares and cannot solve the problem. Please help!!!

A:Userinit.exe infected by Trojan horse Dropper.Small FDF

Hello,Please follow the instructions in ==>This Guide<== starting at Step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 124

I have probably been infected by trojan horse dialer for over a month so I cannot remember exactly how I got infected but I think it is because I was using IE but now I have permanently switched to Firefox. I have scanned my computer with Spybot search and destroy, adaware, avg antivirus, and vundo both in normal and safe mode. It seems as though I have gotten rid of trojan horse dialer with the vundo tool but then I became infected with trojan horse Lop.as. Everytime I do scan my computer with an antivirus tool the viruses and trojans usually show up in the internet cache or temporary internet files. That is probably why I cannot remove these viruses permanently. I regularly get those popups from AVG saying that they have detected the threat of trojan horse Lop.AS. I am running on Windows XP with SP2. The security tools that I run are the teatimer of Spybot, AVG real-time antivirus, and Zonealarm firewall. Now that I think I have gotten rid of Trojan horse dialer.COH my computer seems to be running at the previous speed before becoming infected. However, I still want to get rid of the Trojan Horse Lop.AS since the popup notice from AVG is so annoying. In conclusion, I have come to BC for a permanent solution.

A:I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses

http://www.bleepingcomputer.com/securityblog/2006/10/Unfortunately, though, this October when the latest batch of renewals and new awardees were admitted we found a new MVP who leaves a bad taste in our mouths. This awardee is Cyril Paciullo, otherwise known as Patchou, and is well know as the creator of Messenger Plus. As a program, Messenger Plus actually has some slick features, but our problem is that this program also comes with a known adware and Trojan called LOP.What is funny is when Microsoft Security MVP Derek Knight scanned the main executable for Messenger Plus, at the free scanning site VirusTotal, Microsoft was the only vendor that stated that the installer was a threat. --------------------------------------------------------------------------------Uninstall instructions in link below:http://www.bigblueball.com/forums/msn-mess...senger-6-a.html

Read other 4 answers
RELEVANCY SCORE 123.6

"Trojan horse PSW.Generic8.RDX";"c:\Documents and Settings\Clay\.jnana\ofex.exe";"Object is inaccessible.";"9/7/2010, 8:18:23 PM";"file";"C:\Program Files\Java\jre6\bin\java.exe"

This is the message i get from AVG about every 10 mins or so,I did a system scan nothing found, resident shield has this in its log as threat found, How do i remove. I also ran malwarebytes with no detection. Running Win XP 32-bit HOME

A:Trojan horse PSW.Generic8.RDX

Download the following:Malwarebytes Anti-MalwarePlease download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan w... Read more

Read other 6 answers
RELEVANCY SCORE 123.6

AVG noted that an optical drive is infected and cannot be healed or removed. I need your kind help to resolve this issue.

Shalom
Trininorm

Read other answers
RELEVANCY SCORE 123.6

I'm running AVG for my virus protection and it keeps showing a trojan horse generic8.cxs when I do scans. I heal/fix the problem, its fine for a bit, then the active scanning finds the virus again. I've run the 5 step process, but I'm not able to complete a scan with HJT. It freezes at the 015 Trusted Zone Enumeration, then I have to ctrl*alt*del and close it because HJT is not responding. Hope someone can help me out.

Here is what pandascanning found...

Incident Status Location

Adware:adware/neededware Not disinfected Windows Registry
Potentially unwanted tool:application/iwon Not disinfected HKEY_CLASSES_ROOT\Interface\{550E93D0-2E7B-11D4-AEE2-0050DAC24E8F} ... Read more

A:trojan horse generic8.cxs

Sorry, but I re-ran HJT this morning to see if I got any better results w/out it freezing up and I did. Here is the HJT Log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:19 PM, on 11/23/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN... Read more

Read other 1 answers
RELEVANCY SCORE 123.6

Hi all and thanks in advance to anybody who helps out with this situation.Basically AVG's resident shield alerted me to the above malware when I opened up a folder on my computer that I hadn't used in quite some time. I moved it to the virus vault and then deleted it, hoping that that would be the end of it. Round about the same time, and I'm not sure if this is connected, but I noticed I was getting something a bit peculiar going on with my USB devices. The safely disconnect hardware icon had disappeared, which I know isn't particularly strange in itself, but when I used a shortcut to open up the safely disconnect window none of the USB devices were showing up in it, although I could still access them just fine using My Computer and the autoplay function worked ok when I 1st plugged them in. In order to try and correct this weird USB issue I tried to perform a system restore, but the PC wouldn't complete it, so I tried again in safe mode to go to the same date and this time it worked (on reflection, I'm not sure this was one of my smarter moves - the safely remove hardware icon returned and worked fine with my 2 gig flash drive, but when I plugged in my external media playing hard drive the same problem occured - if this isn't at all related to the malware problem, then I do aplogise). After the system restore, I scanned the folder that the original virus had been in, without opening it, and it found it again and returned it to the virus vault. No... Read more

A:"Trojan horse PSW.Generic8.VNU"

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 14 answers
RELEVANCY SCORE 122.8

AVG detected a threat Trojan horse Dropper.Generic_c.MMI

ran a full computer scan with avg and it said the object is white listed and can not be removed C:\Windows\System32\services.exe . Plus, Google chrome wont let me access https websites and https websites that it does let me go through, says it has a weak algorithm. All my internet browsers also keep redirecting me to random ad pages.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Syed at 18:55:17 on 2012-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1246 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Win... Read more

A:Infected with "Trojan horse Dropper.Generic_c.MMI" on systems.exe file

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 20 answers
RELEVANCY SCORE 122.8

I'm getting pop-ups while using Firefox, no other noticeable impact at this point. AVG is sending me warning messages about the viruses.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Sam at 19:40:16 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3561.1696 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Prog... Read more

A:Infected with Trojan horse Dropper.Generic_c.MMI and Luhe. Sirefef.A

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 14 answers
RELEVANCY SCORE 122.4

I appreciate all the help anyone can provide me in cleaning up my computer!I'm running WinXP SP2 with AVG Anti-Virus. With-in AVG's Vault I currently have 22 various Trojan Horse viruses, of three types:Trojan Horse Clicker.SXT with Path = C:\WINDOWS\system32\23lbM227.dllTrojan Horse Downloader.Generic8.ENX with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exeTrojan Horse Downloader.Zlob.AGWB with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exeLogfile of random's system information tool 1.04 (written by random/random)Run by Elliot at 2008-11-28 10:37:56Microsoft Windows XP Professional Service Pack 2System drive C: has 5 GB (5%) free of 95 GBTotal RAM: 511 MB (14% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:38:06 AM, on 28/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\PROGRA~1\AVG�... Read more

A:Infected with Trojan Horse Clicker.SXT, Downloader.Generic8.ENX and Downloader.Zlob.AGWB

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 8 answers
RELEVANCY SCORE 122.4

well long story short i have had bad slowdown last 5 days i scanned and found this and i used the "heal" options from avg what found it, after that i rescanned 5 times of 3 days due to still very bad slow down and i used also adware an edtion and spyware doctor nothing came up. now i just using malwarebytes and as it going threw the scan avg just picked it up again threat and i dont know what to do... i still got the pop-up up
 

Read other answers
RELEVANCY SCORE 122.4

I am running window 7, with AVD 2011 Free, Malwarebytes, and Spyobt search and destroy.
Only AVG picks up the trojan horse psw.generic8.avto, it picks it up twice and takes care of one of them, but the second file which AVG shows in memory it will not take care of. The second entry in memory stays there and keeps coming back. ANy suggestions?
Thanks

Read other answers
RELEVANCY SCORE 122.4

My AVG found a Trojan Horse this morning.

Trojan horse PSW.Generic8.BTOM
C:\System Volume Information\_restore{1C36814A-52F7-4712-B6DD-8EB5E13D8619}\RP239\A0036401.DLL

It wont show a name for this one.
C:\WINDOWS\TEMP\EXPLORER.EXE

It also seems to be sending me to different websites when I do a google search.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:05:13 AM, on 6/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe... Read more

A:Trojan horse PSW.Generic8.BTOM

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 4 answers
RELEVANCY SCORE 122

I have 2 trojans Trojan horse Generic5.GUH,Trojan horse BackDoor.Agent.IQL would like to remove I have external hard drive.could not run the online scans except stinger, house call made a load bleeping noise?Laptop used for sensetive stuff banking etc. will change passwords on other machine.Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:54:43 PM, on 24/07/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\AGRSMMSG.exeC:\Program Files\Grisoft\AVG7\avgcc.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Picasa2\PicasaMediaDetector.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Windows\ehome\eh... Read more

A:Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Hi mrpugowski,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

Read other 3 answers
RELEVANCY SCORE 122

HELLO, this is my first time posting at your site but has has follow your responses to other while reseaching software and problems on the google search page. Your answers and instructions has been of geat use and help to me.Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my Avg Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found sever items mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections.I have included the report with my HiJack log. I had a problem running a panda scan until I notice a registry cleaner was blocking me from loading active x program needed by Panda. I was able to uninstall the program. I installed Spybot and and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:54:23 PM, on 8/5/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\... Read more

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u2. Scroll down to where it says "Java Runtime Environment (JRE) 6u2". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.****************** We are going to dig deeper, and that will require us to run some additional scans.You will need to use Internet Explorer for this scan. D... Read more

Read other 5 answers
RELEVANCY SCORE 122

My avg and avast has picked up these trojans trojan horse bho.eiz , trojan horse vund.t and win31/heur. I have tried the panda site but it wouldnt scan for me so then I came to this site to see if someone could help me. I have followed all the steps on the preparation page. When I did step 5 it didnt find anything and wouldnt let me copy a log to paste to you.MAIN.TXTDeckard's System Scanner v20071014.68Run by AuSSie` on 2008-06-15 07:48:19Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 5 Restore Point(s) --11: 2008-06-14 16:17:42 UTC - RP145 - Windows Update10: 2008-06-14 09:57:20 UTC - RP144 - Windows Update9: 2008-06-14 09:43:37 UTC - RP143 - Restore Operation8: 2008-06-14 09:31:30 UTC - RP142 - Restore Operation7: 2008-06-14 06:26:17 UTC - RP141 - Windows Update-- First Restore Point -- 1: 2008-06-10 06:01:26 UTC - RP134 - Scheduled CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as AuSSie`.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:51:34 AM, on 15/06/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Motorola\SMSERIAL&#... Read more

A:Infected With Trojan Horse Bho.eiz Trojan Horse Vundo.t Win32/heur

HiFirst ... you should NOT be running 2 anti-virus programs, they will conflict ... choose between AVG8 & Avast ... keep one & uninstall the other ...Second ... with the malware showing in your log, I find it hard to believe that the Kaspersky Online Scan found nothing if set to scan My Computer ... If it was not set to scan My Computer, please run it again...THEN ...Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.* Copy and Paste the entire report in your next reply.THEN ...Please follow these directions to run Combofix & post a log.http://www.bleepingcomputer.com/combofix/how-to-use-combofixsteamEDIT ... What are th... Read more

Read other 2 answers
RELEVANCY SCORE 122

Hi, thanks for taking a look, AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH I have no idea how dangerous these are I think they have been on my laptop for a week or so.
How do I remove them?
Many Thanks
MrP
 

A:AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH

bump
 

Read other 1 answers
RELEVANCY SCORE 121.6

AVG found Trojan horse Dropper.Generic_C.MMI on my computer today. Also, I've been having problems for a couple of weeks with my Google search being hijacked occasionally (it redirects me to a different page than whatever link I click on). I read through the preparation instructions and did everything but turn on the firewall, because I couldn't (I read somewhere that this problem turns off security settings). Please help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by James at 20:05:01 on 2012-07-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2617 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k Loc... Read more

A:Infected with Trojan horse Dropper.Generic_C.MMI and google search seems to be hijacked

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 18 answers
RELEVANCY SCORE 120.8

this virus showed up in an AVG warning on my kids' computer. i tried restarting the computer in safe mode, but the computer won't go past the login screen (there are separate login ids for each of my kids) to let me login as Administrator so that i can do the recommended fix for this trojan. help!

the computer is a dell desktop running windows xp home edition.
 

Read other answers