
Trojan horse downloader.Keenval.C

Q: Trojan horse downloader.Keenval.C

My computer is running slow, pop ups galore, audio advertisements in the background. I ran AVG and it found this particular trojan. How do I get rid of it because my computer is still not right. Thank you in advance--Barb


A few days ago I had a message appear from AVG 6.0 for windows saying this:

---------------------------------------------

Virus
Trojan Horse Downloader.Keenval.C

is found in file
C:\System Volume Information\_restore{BD7176AB-15A2-46A7-9CC9-EC919C9F3986}RP17\A0001249.exe

To remove this virus please run AVG for windows

----------------------------------------------

I ran AVG and it managed to pick it up and apparently remove it. No more than two days later I receive the same message and run AVG again, although now it seems it can't pick it up. This message is now constant, appearing at least once every 2-3 hours... is anyone able to provide some guidance on how to remove this virus?

My system is as follows:
Windows XP Professional
Version 2002
Service Pack 1

AMD Duron
946 MHz
192 MB Ram
If there is any other information needed to help solve this problem, please let me know. This is my last resort...
 

A:Trojan Horse Downloader.Keenval.C

Logfile of HijackThis v1.98.2
Scan saved at 7:02:26 PM, on 18/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
C:\Program Files\United Devices\UD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\United Devices\ud_7174683.exe
C:\Program Files\United Devices\ud_7174683_0.dir\ud_ligfit_Release.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Courtenay\My Documents\Setup Files\HijackThis.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader....


Problems with pop ups, slow computer, numerous things going on. AVG detected this particular trojan but still believe it is or something is still running in the background. How do I get this cleaned? Thank you in advance.
 

A:Trojan horse downloader.Keenval.C {Moved thread, needs assistance}


Hi...started using this new Anti-Virus tool...AVG. When it ran, says I have 2 infected files, "Trojan Horse Downloaders .Keenval.K" Both from the same game site, both games on my desktop...offline play them all the time...from Game Rival, Skyblocks, Goldmine. AVG directed me to "move to the Virus Vault", quarantine I suppose. When I went to do this, have this error message in AVG that says they both cannot be removed! And no action is taken, still sitting on my hard drive. Norton, nor any other spyware, adware stuff I have going found these, have had the games on my system for about 2 years, if not more now.
My question is: what do I do with these files now? Do I go to Game Rival with this? AVG has no customer support, is a free program, just was trying something new. Now am worried I have these virus-in-waitings.
Wanted to post a "hijack this" log..but for some reason I cannot find the site it is in...even after searching in here...if someone could pass that info along to me..will be appreciated! Thanks for your help with this...really is appreciated...Leeann/parrotplay
 


Good Day,

Can anyone help me with this as already cleaned up a lot but can't get rid of this trojan A0341715.CPY Downloader.keenval.0

Thank you in advance

Logfile of HijackThis v1.99.1
Scan saved at 10:15:52 AM, on 3/6/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGWB.DAT
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Sta...

A:Infected With High Trojan Downloader.keenval.o

Hello ospy and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

What program is reporting the presence of the Downloader.keenval.0 infection and what file (and location) is it being reported in? Post back with the file name and the full path to the file and I will review the information when it comes in.

Cheers.

OT


Hi.

I have a problem with these Trojans; I can't get them removed from my computer.
I have OS Windows XP.

The Themida.DO Trojan I got when I downloaded some program and opened an exe file.
The Downloader keenval, I don't have a clue where it came from, maybe the same program.
I have tried running Norton AntiVirus, RegistryFix, SpyBot - Search and Destroy, Ad-Aware, Spysweeper and F-Souce internet service (this program pops up with windows, this is what is in them.)

None of these programs can remove the Trojans. I have tried now for about 5 hours to remove these trojans, adware and viruses but nothing seems to work.
----
Adware.win32.neon
Spyware Detected.
Type: adware
Object: C:\windows\ibbho.dll

-

adware.win32.perfnav
Spyware Detected:
Type: adware
Object: C:\Documents and settings\all users\ application data\symantec\norton antivirus\quarentine\43014607.dll

-

adware.win32.perfnav
Spyware Detected:
Type: adware
Object: C:\Documents and settings\all users\ application data\symantec\norton antivirus\quarentine\4d60311f.dll

-

adware.win32.altnet
Spyware Detected.
Type: adware
Object: C:\Documents and settings\all users\ application data\symantec\norton antivirus\quarentine\4d60311f.dll

-

Evil minded kode found in file: 48c20957.exe
Infected. Trojan downloader.win32.keenval.g

---

That's the "only" one I got until now
I have run out of id...

A:Trojan Themida.do, Trojan Downloader.win32.keenval.g

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

--------------------------------------------------------------------------------

Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm (pre-Vista OS's)


Hi, please help!!

My computer is infected with 2 types of trojan horses. Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG.

I updated all my antivirus and antispyware, booted to safe mode and managed to find and remove the trojan horses, but they come back after I boot to normal mode.

My antivirus and antispyware are AVG antivirus, AVG anti-spyware, Spybot, Ad-aware.

here I include my HijackThis logfile.
Logfile of HijackThis v1.99.1
Scan saved at 12:34:37 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C...

A:Infected by Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG

I think my computer is getting worse now. Anybody can help?

Logfile of HijackThis v1.99.1
Scan saved at 2:48:45 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svcho...


Logfile of HijackThis v1.99.1
Scan saved at 21:38, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware...

A:Infected With Trojan Horse Downloader.generic2.muz And Trojan Horse Downloader.generic3.hxl

Hello what-the? and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

Can you post the log files from, or write down the information about, whatever program is finding these 2 things and where they are being found (like what files and file locations)?

Cheers.

OT


Hi Techsuportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue screen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the Windows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system...

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?


I think my computer is infected. I ran AVG 8.0 free scan and it found the two trojans mentioned in the title. I deleted them. My computer is slow and acting strangely so I installed hijack this and ran it. Can you take a look and see if it is and what can I do next? I want to thank you for your time and efforts and tell you I appreciate it ahead of time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:47 AM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Max Registry Cle...

A:trojan horse downloader zlob.AGAL and trojan horse fake alert.CJ


Symantec Anti-Virus and Spy Sweeper keep appearing stating that the Downloader Trojan Horse or Trojan-Downloader.gen has been quarantined. Symantec rates it very low and Spy Sweeper rates it very high as far as risk level.
I scanned my computer with Spy Hunter, Spy Sweeper, Symantec Anti-Virus (in safe mode) and Trojan Remover, all with the latest definitions. No trojans or other problems found.

If you go to www.artray.com/quarantine, there are three .bmp files there that you can save to your computer that show the quarantined items and names together with the location they keep appearing in, which is c:\winnt\temp

Can someone please help me remove these trojans. I am on a pc running Windows 2000.

Bob
Email is ptaker at gmail dot com
===========================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41 PM, on 3/7/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\...

A:Popup Warning of Quarantine for Downloader Trojan Horse or Trojan-Downloader.gen

Additional Information 3/10/2008 with Deckard's System Scanner
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-10 15:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:25 PM, on 3/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ICV\Binn\sqlservr.exe
C:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\...


Hello, this is my first time posting at your site, but I have followed your responses to others while researching software and problems on the Google search page. Your answers and instructions have been of great use and help to me.

Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my AVG Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found several items mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections. I have included the report with my HiJack log. I had a problem running a panda scan until I noticed a registry cleaner was blocking me from loading active x program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:23 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\...

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.

Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6

Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

******************

We are going to dig deeper, and that will require us to run some additional scans.

You will need to use Internet Explorer for this scan. D...


Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~...

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok. We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


I appreciate all the help anyone can provide me in cleaning up my computer!

I'm running WinXP SP2 with AVG Anti-Virus. Within AVG's Vault I currently have 22 various Trojan Horse viruses, of three types:
Trojan Horse Clicker.SXT with Path = C:\WINDOWS\system32\23lbM227.dll
Trojan Horse Downloader.Generic8.ENX with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe
Trojan Horse Downloader.Zlob.AGWB with Path = D:\DOCUME~1\Elliot\LOCALS~1\Temp\<-8 random letters->.exe

Logfile of random's system information tool 1.04 (written by random/random)
Run by Elliot at 2008-11-28 10:37:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (5%) free of 95 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:06 AM, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG...

A:Infected with Trojan Horse Clicker.SXT, Downloader.Generic8.ENX and Downloader.Zlob.AGWB

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Hi, I have just rebooted my computer and avg is picking up the trojan mentioned in the title, when it is removed there is a second one that comes from the recyclers folder, it is called dropper.Generic.bygt.dropper. The bsre one has just returned from the system volume information folder so I'm kind of worried they are not being cleared properly by avg. Thanks for any help you can give with this.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:35:44.85 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.83 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Progra...

A:Recently rebooted computer finds Trojan horse downloader downloader.generic9.bsre

BUMP please


Please help!!

My computer is infected with Trojan Horses. There are 3 of them, Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are alway in Temporary Internet Files directory and windows\system32 directory.

I have AVG, Spybot, Ad-aware, awido antispyware, windows defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use it.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr....

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS


ok, i got some viruses/spyware messing around with my system, my avg keeps finding these virus

trojan horse BHO.BDJ , .BDP, .BCD, .BBY
obfustat.plc
trojan horse downloader generic4.fhs

i have already scanned with avg, avg spyware, adaware.... im at a loss of how to get rid of these things.

heres my hijackthis log any help would be appreciated.....

Logfile of HijackThis v1.99.1
Scan saved at 9:53:24 PM, on 9/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ok5wgwugp.exe
C:\Program Files\Microsoft ActiveSync\WCE...

A:trojan horse bho, obfustat.plc, trojan horse downloader generic4.fhs

RELEVANCY SCORE 71.2

My computer is Windows XP Service pack 3
I always use Firefox and never use Microsoft explorer.
My computer runs AVG 9.0.830 Free.

On 6/30/10 my computer detected Trojan horse Clicker.AJSF. This was followed immediately afterwards with the detection of Trojan horse Downloader.Agent2.YIZ. This was accompanied by the noise of clicking anywhere from every 10 seconds to 2 every minutes. This went away after a few runs of AVG. Occasionally the volume would balance would lower itself to zero. The Trojan horse Clicker.AJSF was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\119889546
C:\Documents and Settings\corboybp\Application Data\Sun\Java\deployment\cache\6.0\4\3c0ae\784-3513414
the Trojan horse Downloader.Agent2.YIZ was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\loader.exe
C:\Documents and Settings\corboybp\Local Settings\Temp\smss.exe

All was quiet until 7/7/10 when Trojan horse Downloader.Agent2.YIZ showed up again however no symptoms were notable. it was located in the following places:
C:\System Volume Information\Microsoft\smss.exe
C:\System Volume Information\Microsoft\services.exe

Today the scan discovered Trojan horse Downloader.Agent2.YIZ located in the following locations:
C:\System Volume Information\Microsoft\smss.exe (1064)
C:\System Volume Information\Microsoft\smss.exe Result: object is inaccessible
C:\System Volume Information\Microsoft\servic...

A:Trojan horse Clicker.AJSF "congratulations you won!" Trojan horse Downloader.Agent2.Y

Hi,

Please do the following:

Download Bootkit remover to your desktop
This is a rar file; if you do not have a program to open it then download and install Peazip
Extract Remover.exe to your desktop
Double click Remover.exe to run it
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Now open a notepad and press Control+V
Post the resultant log here please



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and...

RELEVANCY SCORE 70.4

About every other day or so, I get a notice from AVG that I have this trojan, and to run a scan. Which I do. And it never comes back showing that I have this, it always comes back clean. It doesn't appear on Norton, either.
What could be causing this?
 

A:[Solved] Downloader.Keenval.B

RELEVANCY SCORE 70.4

Not sure which forum to post this in.

Can the Downloader.Keenval.J trojan keep Internet Explorer 6 on Windows ME (don't laugh!) from working? I believe that I have eliminated the trojan, but my IE cannot connect to the Internet on a DSL connection. This problem with IE began about the same time the trojan appeared. Is there a connection? How do I fix it?

I have also discovered that I can't connect to the internet through any program.

My network connections seem to work fine on the problem machine. Other machines on the network can connect to the internet with no problem.

I've been working on this problem for 3 days. Please help!

My LSP-Fix scan produced these files:
rnr20.dll
mswsosp.dll
msafd.dll
rsvpsp.dll
lspcs.dll
Should I remove the files?

My Hijack This log:
Logfile of HijackThis v1.97.7
Scan saved at 8:33:23 PM, on 5/24/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
D:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\CYB2K.EXE
C:\WINDOWS\SYSTEM\WMIEX...

A:Can Downloader.Keenval.J keep IE 6 from working?

All the lsp entries are valid
Close all windows,
Restart Hijack this and put a check mark against the following

O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

Click Fix Checked
Run LSPfix
Restart your computer
 

RELEVANCY SCORE 70.4

Hi
Just done a full virus scan, using AVG, and it's got rid of 2 other instances of the virus, but can't do anything about the wupdater.exe one in Program Files\Common Files\UPDATER. Get message re can't delete the file. Am using XP. On a couple of boot-ups before virus scan had been surprised that ZoneAlarm asked if wanted to allow an installer to access the internet, and another message can't remember just now. Also had accessed AVG to find the resident shield had been switched off (?). Had to switch it back on twice. Is there any way of getting rid of the virus?
Thanks, Cat
 

A:can't get rid of Downloader.Keenval.J from wupdater.exe

Check with the folks in Security here. I suspect they can help you remove it

http://forums.techguy.org/f54-s.html
 

RELEVANCY SCORE 70.4

Hello-
I'm getting a notice about Downloader.Keenval.B using AVG. I've read the fix-it for Windows XP. Since I'm using ME and am only semi-computer literate, can you please tell me what the procedure is for my operating system? Also, what exactly is Downloader.Keenval? I know it's a trojan, but have no idea what impact it has. Thanks for any help you can give.
ayp
 

A:Downloader.Keenval.B in Windows ME

Make that Downloader.Keenval.B,C, and E. Thanks.
ayp
 

RELEVANCY SCORE 70.4


A:Can Downloader.Keenval.J keep IE 6 from working?

Hi, Please, do not post duplicates- there is a reply to your most recent posting of this same problem here:

http://forums.techguy.org/t232334.html
 

RELEVANCY SCORE 67.6

DDS (Ver_09-05-14.01) - NTFSx86
Run by gus at 0:50:16.98 on Thu 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\...

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...

RELEVANCY SCORE 67.6

Hello guys, Thanks for the help with this.
I get a Norton AV window that pops up all the time with file names like $055C6D52.t$m for example. When I look in the quarantine folder I find Hacktool, Trojan Horse, w32.Spybot.Worm, Trojan.Startpage, Downloader.Lop,Bloodhound.Overpacked, Infostealer.Wowcraft, Backdoor.Graybird as files in quarantine. I would like to eliminate whatever it is that keeps attempting to re-infect my machine.

I'm running Norton and AVG, Spybot, and Windows Defender.
I appreciate any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:45 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\...

A:Hacktool, Trojan Horse, w32.Spybot.Worm, Trojan.Startpage, Downloader., Multiple Infe

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt produced by the Deckard's System Scanner, as it has been a while since you posted.

RELEVANCY SCORE 67.2

Evening...I realize that this is a strange way of going about this, but I think in the long run it will be easier to understand. Below is an explanation of what was happening with my PC as of a few days ago. At that time I intended to request your help in ensuring I'd succeeded in removing all malware, however, after having performed all your prep scans, everything appeared to be fine, and since my PC was behaving in no way suspiciously, I thought, perhaps, I wouldn't have to bother you after all, unfortunately, that may have changed. This morning, while removing a couple of unnecessary start up processes via Msconfig, AVG alerted to a virus and then a short time later, to two more, this is what it "healed" and vaulted: C:WINDOWSsystem32Obfustat.EVN C:ProgramFilesLogMeInx86 C:ProgramFilesLogMeInx86update3-00-600bakx86 From what I've been able to glean online, I now suspect that this could be a false positive and somehow was brought about by what I was doing at the time...possibly? I haven't yet deleted these three "viruses" from my virus vault, and hesitate to do so if they aren't actually viruses at all. However, please read on... I originally wrote the following a few days ago, before I ultimately, decided I might just be in the clear. Fortunately, I hadn't discarded it yet. I apologize for how long and convoluted this is... "Hello... Before we begin, I should point out that my comprehension re computer issues is minimal, at best. So, please bear w...

A:Recent Trojan Horse Downloader.generic5.biu (outerinfo, Yazzlesudoku?), Troj_puritysc.bl Type Trojan & (possible) Obfustat...

Hello alassnsane and welcome to BleepingComputer!

Apologies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic.

Thanks,
Johannes

RELEVANCY SCORE 67.2

picked up these bad boys when i was stupid and launched an .exe that i wasn't too sure of in the first place. anyway, nothing i have is getting rid of them. the following is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:19 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windo...

A:Solved: trojan.vundo/trojan horse/downloader virus help.

RELEVANCY SCORE 67.2

Hello,

I did some regular scans on my mother's computer and I found some viruses like Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo. In addition to these viruses my mother had her startup to SELECTIVE startup!!!! I do not know why and it shouldn't have been that way. So I put it back to normal, and startup is ridiculous, and I was just wondering what can we do about getting rid of these viruses and cleaning up random junk from starting on startup.

Thank you in advance, you guys are awesome,

Steve

p.s. should I post a hijackthis log, if so how should i. save to desktop and scan only?

A:Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

First, please do not post your HijackThis log here as they are NOT permitted in this area of the site

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is ...

RELEVANCY SCORE 67.2

Okay, for the past few days I've been having issues with these viruses. I have seen posts here before asking about how to get rid of the same things but since I have those 3 I don't know if there is a better way to do this.

I keep getting random pop ups. I tried downloading VundoFix but it keeps coming back of course. I ran Spybot Search & destroy and the same thing happens.

The Anti-Virus I'm using is Norton AntiVirus Corporate Edition Full version 7.60.926 if that's even necessary. It is up to date and the description it gives me for each one is..

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1\valera[1]
Location: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wed Sep 19 23:37:08 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\CHER4DUR\lkjh[1]
Location: Quarantine
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Wed Sep 19 23:37:10 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\Documents and Settings\s...

A:Virus issues, Downloader, Trojan.Vundo, Trojan Horse

oh god..okay i should probably mention that right now, my antivirus notification is at 89 notifications and counting the same message over

"Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\WINDOWS\system32\byxxutr.dll
Location: C:\WINDOWS\system32
Computer: STARRSCOMPUTER
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Thu Sep 20 00:15:34 2007"

by the time im done with this message its up to 99 notifications total and still counting.
103 now

im trying to delete it but it says the file is busy and im trying to disable anti virus but i cant figure out how
 

RELEVANCY SCORE 66.8

need help^^
here's my hjt log
Logfile of HijackThis v1.99.1
Scan saved at 7:18:43 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\jeff\Desktop\rootchk.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\jeff\LOCALS~1\Temp\Rootchk\catchme.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgvv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,...

A:help trojan horse collected.11.b and trojan downloader generic4.ouo?

RELEVANCY SCORE 66.4

Well, I got a file through MSN called Myalbuum2007, and now I keep getting messages from AVG saying Threat detected!, and when I choose to heal them, it says that they are healed successfully, but they keep coming back.
I looked around in some other threads and followed some of the tips, for example I downloaded SuperAntiSpy and some other things, but they don't seem to work, so I thought I'd start from the beginning and post my HJT here, so here it is. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 13:19:45, on 2007-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program\Grisoft\AVG7\avgamsvr.exe
C:\Program\Grisoft\AVG7\avgupsvc.exe
C:\Program\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\STOPzilla!\STOPzilla.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explore...

A:MSN trojan horse downloader

RELEVANCY SCORE 66.4

Trying to fix family laptop which appears to have a trojan. AVG repeatedly reports finding trojan horse downloader.generic8.anhq. Multiple threats then found by avg which appear to be random letter sequences for an .exe file which is located on C:\ (example is ttmxc or CaFg). There are also txt files and ms-dos applications created in same location. Firewall is also repeatedly disabled but can't seem to find way to keep it activated.

Running AVG, MBAM, SuperAntiSpyware and SpyBot finds issues but fixing via these doesn't stop the problem from reappearing when I next access internet connection and process starts over again. Have tried running in safe mode to fix with above programmes but issue always returns.

Now lost and would appreciate some help. Have removed torrent software and any cracked software I could find but let me know if anything else needs to be done in this area.

DDS as below:


DDS (Ver_09-05-14.01) - FAT32x86
Run by Jason at 18:28:05.86 on 15/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.494.156 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C...

A:can't get rid of trojan horse downloader

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

RELEVANCY SCORE 66.4

Norton sees it as C:\Windows\systems32\ymya2.dll. I tried Symantec's advice including disable restore and going into registry which it is not there, I even tried deleting file which the computer won't allow me to do. livioflores-ga is helping me and told me to run hijack and post it here I think. This is my first time but it seems like a great forum

Logfile of HijackThis v1.99.0
Scan saved at 8:17:39 PM, on 1/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe...

A:Downloader trojan horse

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.naupoint.com/toolbar/ie.html
O2 - BHO: No description - {88CC91DE-5930-45AD-9E04-6B1233609FEA} - C:\WINDOWS\system32\oljF2F5.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB
O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - http://naupoint.com/toolbar/installer/iEBINST2.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://G:\Content\include\msSecUcd.cab

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\system32\oljF2F5.dll

Reboot your computer to go back to normal mode and post a new log.

RELEVANCY SCORE 66.4

I ran the AVG virus scan because my computer has been acting weird. I ran it during the night and it was closed this morning, i can access the report but it does not list what to do or give me a option to do something with it. What do I do?
 

A:Trojan horse Downloader HELP!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:04:58 AM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\...

RELEVANCY SCORE 66.4

I need some help with getting rid of the Trojan Downloader....Please help

I tried to fix with AVG, but it wouldn't heal

Thanks for your help!!!

Logfile of HijackThis v1.97.6
Scan saved at 5:51:38 PM, on 17/02/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Carolyn\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explore...

A:Trojan Horse Downloader

RELEVANCY SCORE 66.4

I did an AVG virus scan and it told me that I have a trojan horse downloader.zlob_r.cp.

I also play this game called World of Warcraft, and the password to my account keeps getting changed on a daily basis. I believe I have some type of keylogger virus or something.

Any and all help would be greatly appreciated!

Oh, and I also did a HijackThis scan in case it helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:13 PM, on 2/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Of...

A:Trojan Horse Downloader

Please do not create multiple threads for the same problem.
Continue here: http://forums.techguy.org/malware-r...ernet-security-issues-possible-keylogger.html
 

RELEVANCY SCORE 66.4

Hi, I seem to have picked up the trojan swizzor. This is my hijack log:

Logfile of HijackThis v1.98.2
Scan saved at 15:21:04, on 10/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\EXITFO~1\SETTINGSKNOB.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BT Yahoo! Internet\DialBTYahoo.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32...

A:Trojan horse downloader

Hey phiz, welcome to BC.

Upgrade your AVG to the newest version and get the latest updates. Do a full scan.

Please download a-squared: http://www.emsisoft.com/en/software/free/
The program is free, but you will need to register. Let it scan and remove all trojans. Then reboot and post a new log.

RELEVANCY SCORE 66.4

Hello everyone, this weekend my av\malware programs found the following. Is there a bigger problem with my comp? I seem to be getting a lot of trojans in the last 3-6 months. I do all of my banking on the comp. I will call the bank and change all p\w's. Thanks for the help. Joe mc

Avg found- Trojan horse downloader presario.A C:\WINDOWS\system32\msCMT srvc.exe (file size 160kb) Avg this file to the virus vault.

a-squared Free - Version 3.1
Last update: 3/15/2008 11:47:43 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 3/15/2008 11:50:49 PM

c:\windows\system32\fonts detected: Trace.Directory.IamBigBrother
c:\program files\pcsecurityshield detected: Trace.Directory.Privacy Defender 3.0
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\477jmz03.default\cookies.txt:35 detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\477jmz03.default\cookies.txt:41 detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Application Data\Mozilla\...

A:Trojan Horse Downloader

I assume that since you have AVG, that you are using Windows XP? Please only run this tool if you are.

Download SDFix setup onto your desktop.
Run the installer. Leave the install location at your system root.
After the install, boot into Safe Mode.
Click your Start Menu. Click Run. Type in c:\sdfix\runthis.bat. Hit OK.
The prompt window will open. Type Y and hit Enter.
Wait for the scan to finish. You will be prompted to restart. Press any key to do so. Allow SDFix to boot the computer into normal boot.
At reboot, the prompt window will pop up, along with a log shortly after. Copy the contents of the log back in your next reply.

RELEVANCY SCORE 66.4

Need help with finding a way to remove this trojan horse downloader.

Logfile of HijackThis v1.99.1
Scan saved at 5:30:21 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C...

A:Trojan Horse Downloader ?

Hi and welcome to BC. If you are not being helped elsewhere and still need help, please post a fresh HijackThis log and I'll be happy to help you.

RELEVANCY SCORE 66.4

I have a trojan horse virus on my laptop that is wreaking havoc. Anytime I go to a new page on the internet or click on a desktop icon, my AVG alerts me of infected files. My CPU is always at 100% even when I am doing nothing on my computer, and it would only happen once in a while at first, and now some websites restrict my access. I get all kinds of pop-ups and it takes forever for my computer to do anything. Every time I am alerted by AVG, which is now constantly, it says "threat name: trojan horse clicker .OPM" and/or "Trojan horse downloader .delf.12.an". It gives the filename too, but those are entirely too long to post. I am running a Fujitsu C series laptop with XP and Internet Explorer. I have a free version of AVG antivirus software and I have HijackThis, but I don't know what to do with it. If you could help me, I would be forever grateful.
 

RELEVANCY SCORE 66.4

have a trojan horse downloader .zlod.azvf in the core svchost.exe {1464}

RELEVANCY SCORE 66.4

Hi there,

Hope I'm posting in the right place. My computer has acquired Trojan Horse Downloader. Generic 4. XJE somehow, and while I have run AVG and it seems to heal it, the browser still is taken over every minute or so. I saw this thread elsewhere, but I also read not to use the instructions given for that computer as it could harm mine. My computer is brand new.....please help! It is a Dell Dimension E521 with Vista.

Thanks so much
Chere Oldhoff

Mod Edit: removed email address for security reasons.
 

A:Trojan Horse Downloader

Hi Chere7, welcome to TSG.

Browse through some of the other security threads and follow the instructions to download, install and run HIJACK THIS....then post a scan log.
 

RELEVANCY SCORE 66.4

Can someone tell me how to get rid of Trojan Horse Downloader.VB.3. AF. I've run AVG and Adware.

Can someone take a look at my Hijack This log? Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 1:35:00 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\S3tray2.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connect...

A:Trojan Horse Downloader.VB.3. AF

What is the location of the infected file?
 

RELEVANCY SCORE 66.4

I am working on my parents' laptop. It has been getting popups for malware. I ran AVG on it in safe mode and it moved the trojan to the vault. The filenames that are affected are TMPE7.tmp, TMPF4.tmp, lsass.exe, Aoo59182.exe and A0055634.exe.
I ran the Hijacker tool and I have the logs. Can you help?

A:Trojan Horse Downloader.14.m

How is the computer running? The malware was moved to the vault.
Did you get a virus name and, by chance, a full path to it?
Is this an XP SP2 machine?

RELEVANCY SCORE 66.4

Please help me to remove this virus. AVG does not help with this.


Please Hijack This Log
Logfile of HijackThis v1.97.7
Scan saved at 6:46:40 PM, on 4/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wapisu.exe
C:\Program Files\Common Files\WSOC Weather Wizard\TotalWX.exe
C:\Program Files\IE Sniffer\IESniffer.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Arlene\My Documents\My Downloads\avg free edition\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_1...

A:Trojan Horse Downloader

First let me ask if you know what this is?:

O4 - HKCU\..\Run: [IE Sniffer] C:\Program Files\IE Sniffer\IESniffer.exe
 

RELEVANCY SCORE 66.4

Hey, I just joined this so I'm not 100% sure I know what I'm doing on here, but... I ran my AVG and it wouldn't delete the THD that I had. It was Trojan Horse Downloader.Winshow.S and it said it was in settings/woody/appdata/sysko/smiesh.dll. If you could help me out at all. I've got the HijackThis log too. Thanks

Logfile of HijackThis v1.97.7
Scan saved at 12:30:49 PM, on 3/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\PSD Tools\blengine.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Kazaa\kazaa.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Woody\Desktop\hijackthis1977\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#10213
O2 - BHO: Clear Search - {00000000-0000-0000-0000-00...

A:Trojan Horse Downloader
