
Virus help please: Trojan horse downloaders

Q: Virus help please: Trojan horse downloaders

I have three listed from AVG:
Trojan horse Downloader.Generic6.SJK
Trojan horse Downloader.Zlob.MCQ
Trojan horse Generic2.PKN

I need access to the C:\System Volume Information folder. I have the folder showing in C:\, however when I double-click on it Windows states I do not have access to this folder. I was reading some directions and they state to right-click on it and choose the Security tab. I right-click and there is no Security tab.

Can I have some help, please?

I am running Windows XP Pro Service Pack 2.

A: Virus help please: Trojan horse downloaders

Follow the 5 steps here:
http://www.techsupportforum.com/showthread.php?t=15968

RELEVANCY SCORE 74.4

I am somewhat of a novice and am following rules I found elsewhere to receive help with this problem.
I have copied a list and included in this message.

A:Trojan Horse Virus

Hi Flasha

Welcome to TSG!

Download FindnFix at the following link and extract it (it should autoextract to C:\FindnFix when you double click it) http://downloads.subratam.org/FINDnFIX.exe

Go to the C:\FindnFix folder and doubleclick on !LOG!.BAT and let it run. It will generate a log.txt file. Copy and paste log.txt back here in your next reply.
 

RELEVANCY SCORE 74.4

I updated my AVG virus scan today. After I finished, I had to restart my computer. Well, when my desktop came up the AVG detected 2 viruses. The first one is: Trojan Horse downloader.A; it's located in c:/WIN/ALCHEM`/.EXE. It said to enable access and the choices were yes, no or heal. So I clicked heal. Then another virus popped up and it is: Trojan Downloader. Agent. AS; it is located in C:/WINDOWS/SYSTEM/ZSHZHL`/.EXE. I clicked heal for that one. Then I ran a complete test and had a couple of viruses and then ran another complete test and none were detected. I rebooted my computer a few minutes later, but once again the same thing popped up when I got to my desktop. Those two Trojan horse viruses still were found, so now, how do I get them out of my computer? Thanks to anyone who can help.
 

A:Help! Trojan horse virus

RELEVANCY SCORE 72.8

Anti-virus program found a virus this fine morning.

Please help!
TIA

Here is my hijack log:


A:Solved: Infected With Trojan Horse Virus!

RELEVANCY SCORE 72.8

When I boot up, AVG detects Trojan horse virus "Startpage.11.BV" in C:\windows\winlogon.exe and then the screen blanks out and completely freezes. I boot up in safe mode, run AVG which tells me I cannot heal or quarantine this virus. Any advice would be sincerely appreciated.

A:Trojan Horse virus "Startpage.11.BV"

If by any chance you have Windows ME, disable System Restore; that will get rid of it.
 

RELEVANCY SCORE 72.8

Hi, I am new to this. My children decided to open up an email which had the Trojan Horse Downloader attached to it; now it is causing havoc with my PC. We use AVG virus checker, which has found lots of this virus. Please, at wits' end: how do we get rid of it, if we can? Do I keep running an update for the AVG virus checker? Any help would be great. Now we have lots of pop-ups coming with warnings saying that the Trojan horse is trying to open lots of programs.

A:Virus Trojan Horse Downloader.generic 7 Help

Try running a full scan with AVG in Safe Mode. How to start Windows in Safe Mode

RELEVANCY SCORE 67.6

Hello,

My AVG keeps coming up with infected alerts in C/Windows System32services.exe with Trojan horse Patched.c.LYT, and another in Windows/assembly/GAC/Desktop.AUGH with Trojan horse Generic28.AUGH. From what I've learned, they are very dangerous. So far I've run my AVG with no luck, MalwareBytes, and Advanced System Care 5 also with no luck. Starting to read through these threads I downloaded and ran ComboFix but it stopped halfway through so doubt it did anything, and now after reading more on these great forums it's probably for the best.

I've run Defogger, attached the DDS files, but the GMER scan freezes up every time when it gets to Software\Microsoft\WindowsNT\CurrentVersion\Perflib\009, so I'm not sure why... so I've stopped it during the scan process and attached that.

Any help would be greatly appreciated!!

Cheers
Logan

A:Trojan Horse Patched/c/LYT and Trojan Horse Generic28.AUGH infected

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462944 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 67.6

Hi,

I saw that my automatic updates was not on, but when I try to turn it on in the system it stays off. I am also getting pop-ups asking me to download various virus protection/scan software. When I rebooted my machine AVG found the following:

Trojan Horse Genericll.AKAA,
Trojan Horse Vundo.t
Virus found - win32/heur

Any help would be most appreciated. I have noted my log file below. I have run the Panda scan but cannot seem to attach it to this email.


A:Trojan Horse Genericll.Akaa - Trojan Horse - Vundo.T, several pop ups and Windows Aup

Bump, Please help

RELEVANCY SCORE 63.6

need help to remove the following

Trojan Horse Downloader.GENERIC4.TBL
Trojan Horse Downloader.Zlob.KYW
Trojan Horse Downloader.Zlob.KYV
Trojan Horse Downloader.Zlob.KYS

and more similar
Am using AVG Free Edition and Ad-Aware SE.

They do find them and quarantine them but more keep appearing.
Please help !!!!!
 

A:trojan horse downloaders

RELEVANCY SCORE 62.8

I recently scanned my computer with superantispyware and it cleaned up a few things. I thought I had scanned with AVG earlier but I don't think I had as it started by itself this morning. I had to leave it - I saw it had found something 'bad' and have been trying to find out what it was now that it was all finished scanning. BUT I can just find records of viruses found in scans from a few months back which I didn't even know had been found.

Anyway, what I have are:
Trojan Horse Downloader.Zlob.MCQ

and

Trojan Horse Clicker.GMC

The clicker one is located in a programme I use a lot. I have had this trojan horse there before and when I 'fixed' it, it deleted the whole programme. Will I have to do this again??

I also posted on the malware thread with my HJT log, before I saw these trojan things. Why did superantispyware not pick these up? Are they really a problem?

Please help. Thanks.
 

A:are trojan horse downloaders and clickers bad? Please help.

Sorry - I think I was looking at my virus vault.

The one it found today ('exploit') was also there.

Should I empty my vault?
 

RELEVANCY SCORE 62.8

Currently infected with some sort of Trojan that slows me down and keeps pushing all kinds of ads onto my computer anytime I go online. Any help would be greatly appreciated. Thanks in Advance!

A:Infected with Trojan Horse Downloaders

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable a...

RELEVANCY SCORE 62.8

I recently scanned my PC with Norton AntiVirus, and I have multiple threats;
most of which include Downloaders and Trojans. It could not get rid of them as repair and delete failed.
AdAware was also no help.

I am running Windows XP and most of the threats are coming from temporary internet files, but the folder is not there.

Here is my HJT log:


A:Downloaders & Trojan Horse (Text[1].dat)

RELEVANCY SCORE 62.8

I have recently been hit with trojan horses and have read some other posts on this board and have tried some of the advice, but they still keep coming back.

I am getting AVG alerts informing me of following files:
trojan horse downloader.generic2.cxp
trojan horse downloader.generic2.ahr
trojan horse downloader.generic2.cvc
trojan horse dialer.btg
trojan horse dialer.btc

I have tried running CCcleaner, AVG, Ewido, Smitfraudfix, but have not been successful.
I am willing to run through the steps again and any other tips or advice.

I have just installed and run HJT and included the log. I didn't fix anything via HJT yet.
I also have included my Panda log.

Thanks for your help!


A:Trojan Horse downloaders and dialers

RELEVANCY SCORE 62.8

Hi...started using this new Anti-Virus tool...AVG. When it ran, says I have 2 infected files, "Trojan Horse Downloaders .Keenval.K" Both from the same game site, both games on my desktop...offline play them all the time...from Game Rival, Skyblocks, Goldmine. AVG directed me to "move to the Virus Vault", quarantine I suppose. When I went to do this, have this error message in AVG that says they both cannot be removed! And no action is taken, still sitting on my hard drive. Norton, nor any other spyware, adware stuff I have going found these, have had the games on my system for about 2 years, if not more now.
My question is: what do I do with these files now? Do I go to Game Rival with this? AVG has no customer support, is a free program, just was trying something new. Now am worried I have these virus-in-waitings.
Wanted to post a "hijack this" log..but for some reason I cannot find the site it is in...even after searching in here...if someone could pass that info along to me..will be appreciated! Thanks for your help with this...really is appreciated...Leeann/parrotplay
 

RELEVANCY SCORE 61.6

When I looked into my AVG virus vault today I was concerned to see a series of trojan droppers and downloaders. There were 7 entries, and in order here's how they appeared:
trojan horsedropper.agent.CRO (twice)
trojan horse downloader.agent.INL (3 times)
trojan horse downloader.generic.3NPE (twice)
trojan horse backdoor.generic.2AJH
trojan horse dropper.agent.CRP

then when I ran Panda software these 2 viruses were found:
virus: trj/downloader.MSN
virus: trj/killav.FD (this one is located in the system32 file)

looking for more information on these is like wading through muck...
I have run the AVG, Panda software, adware and HJT, and here are the results:


A:Trojan horse droppers, downloaders and backdoor- they all appear in my system

I am still awaiting some direction, please!
 

RELEVANCY SCORE 61.2

One of our computers running ME has a Trojan horse virus. Doesn't seem to be affecting the performance of the computer (yet) but would like to get it off. We have:

AVG anti virus
spy sweeper
ad-aware
spybot
ccleaner

AVG is what picked it up; it lets you quarantine it but is unable to delete the file.
File path:

C:/Restore/Temp/ (Backup copy infected)
Trojan horse Downloader.Small.28.BQ
A0010582CPY

Can this be deleted out of the Registry, and if so, which heading would it be under?

If any one can help, we would greatly appreciate it!
Thanks,
Marlene2

A:Trojan horse

Try HouseCall online checker and/or macfree. Try deleting it in Safe Mode.

RELEVANCY SCORE 60.8

Hi everyone, I'm new to the site and I wondered if anyone could help me with a problem that I have with 2 Trojan horse viruses.

I am running AVG 7.1 free edition. Every time I run the virus scan it picks up 2 Trojan horse viruses: BackDoor.Generic2.SLC/&BackDoor.Small.52.AL.

They install themselves in the system32 folder in Windows ntcvx32dll/ntswrl32dll.

Also it puts a program dnode in the list of exceptions in the Service Pack 2 firewall.

This is a real pain as they regenerate every time you restart the computer.
I can't seem to get round this problem and wondered if any of you have had this problem. If so, could you please tell me how I can resolve this?

REGARDS.
COSMOSIS.

A:Trojan horse viruses

Hi, please go through the "Having problems with spyware/viruses" in my sig and post a HJT log where specified.

|
|
|
\ /
,v

RELEVANCY SCORE 60.8

I've been having a problem with this computer for a while. It seemed to start with a false alert type virus and now every time I scan the computer with AVG Anti-Virus 2011 there are new infections and half are always inaccessible. Please help. Thank you.
"";"C:\Windows\explorer.exe (2952):\memory_00010000";"Trojan horse Adload_r.AKJ";"Object is inaccessible."
"";"C:\Windows\explorer.exe (2952)";"Trojan horse Adload_r.AKJ";""
"";"C:\Program Files\Internet Explorer\iexplore.exe (7560):\memory_00040000";"Trojan horse Adload_r.AKJ";"Object is inaccessible."
"";"C:\Program Files\Internet Explorer\iexplore.exe (7560)";"Trojan horse Adload_r.AKJ";""
"";"C:\Program Files\Internet Explorer\iexplore.exe (7504):\memory_00040000";"Trojan horse Adload_r.AKJ";"Object is inaccessible."
"";"C:\Program Files\Internet Explorer\iexplore.exe (7504)";"Trojan horse Adload_r.AKJ";""
"";"C:\Program Files\Internet Explorer\iexplore.exe (7240):\memory_00010000";"Trojan horse Adload_r.AKJ";"Object is inaccessible."
"";"C:\Program Files\Internet Explorer\iexplore.exe (7240)";"Trojan horse Adload_r.AKJ";""
"";"C:\Program Files\Internet Explorer\iexplore.exe (7128):\me... Read more

RELEVANCY SCORE 60.8

Hello, I get on the internet and then get off, and after a while I get AVG Resident Shield Trojan horse Psw.bispy.B?
Run AVG anti-virus, says it is clean.
Run swshredder, says same thing?
Here is new log after reboot.

A:Trojan Horse Psw.Bispy.B

RELEVANCY SCORE 60

Hi, I need help in removing this Trojan from my computer. I have AVG 8.0 (free version) and Malwarebytes Spyware. Both are updated and run each week. Today a new update on AVG was for the above trojan. I received a notice that AVG detected 2 on my computer, but could not remove all of the infected files. I ran Malwarebytes and that came out showing no infections. Also ran AVG and that showed no infections found. Yet computer is slow and I am not sure everything was removed.
I ran a hijack this:

RELEVANCY SCORE 60

Hello People I am in deep trouble...
This is about that Trojan Horse Downloader.Dyfica.2.BA
I have done the Hijack thing and don't know how to get rid of it from here... Which one do I check to fix?????
Also, if I do a System Restore does that mean that I lose my Outlook Express contents???
Talk about going crazy... I have to restart my computer every 15mins to stop it from telling me that it can't do that not enough blah blah
PLEASE If someone could help me out I would be very grateful
I have windows XP
Thank you in advance
regards
Donna


A:Trojan Horse Downloader.Dyfica.2.BA

RELEVANCY SCORE 60

I am running Win XP with AVG anti virus and it keeps finding a virus called Trojan horse Downloader.Winshow.V and another called Trojan horse Downloader.Winshow.R. It says that it has moved it to the virus vault but has found the problem 4 days in a row. I have run both Ad-aware 6 and Spybot S&D with your recommended changes and I still haven't found a way to delete the problem. Any help would be great. Thanks, jeramy

A:Trojan Horse Downloader.winshow.v

You may want to try using TDS-3. It's free for 30 days.

http://tds.diamondcs.com.au/

http://www.wilderssecurity.com/showthread.php?t=2871
 

RELEVANCY SCORE 60

I received a popup stating that a Trojan Horse was found. I followed all of the steps that Symantec had on their website to remove it but did not find any of the files.

My default webpage keeps defaulting to C:\WINNT\system32\msblank.html and a DialerPlatform Limited Window pops up.

C:\WINNT\System32\hclean32.exe is said to be the source

Any Ideas on how to clean this off?

Pasted below is my HijackThis log.


A:Solved: Trojan Horse found

RELEVANCY SCORE 59.2

Hello,

I am having trouble removing this Trogan that I seem to have picked up. I am using AVG Anti-Virus 2012 and it says that it can detect it in the system files but that it can't remove it due to the file being critical. Some of my friends suggested that I ask around here for some help before taking the computer to a store or to the dump... I am not very familiar with Windows OS so any help would be greatly appreciated with getting these damn AVG threat notices to stop.

Thanks in advance.

A:Removal of 'Trojan horse Patched_c.LYU' Malware

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

Read other 22 answers
RELEVANCY SCORE 59.2

greetings,
Firefox is my browser, laptop scanned w/free avg anti-virus. updated with Secunia PSI.
1) After a second scan, avg reported 3 Trojan horses!
2) By accident i brushed the mouse pad and the display erased before i could fix the problem, the avg display cleared. I scanned again and the Trojan horse did not show in the results.
3)problems remain-A)left click unresponsive or works sometimes.
B)video from my files play(yet the controls are slow to respond at times) using windows media player.
C) firefox crashes. online windows freeze. i must use control/alt/delete.
D) dvd player plays sound, no picture.
E)when i "x" out of a window it can be slow or unresponsive.
F)(i hope i explain this right!) When i right click on the scroll bar to drag a page down, the arrow does not "grab" the page well , if at all.
i hope this is the hjt you request- I Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, In... Read more

A:avg reported Trojan horse(3 of them) problems remain.

Read other 16 answers
RELEVANCY SCORE 58

I'm new to this site so firstly, apologies if I've posted this in the wrong place or if I've posted something that's been posted a million times.
 
So, I tried to update flash yesterday and AVG popped up saying there was something untoward so I stopped the install, fixed the problem with AVG, checked the website and tried again and the same thing happened. I'm sure Adobe aren't sending out virus but this all led me to this site and it got me thinking about the general speed and the state of my computer. Now I'm usually pretty careful with programs that I install, I regularly use CCleaner and ASC (though I don't know whether it's a good idea to use both). I also keep my registry clean (as far as I know how to), I regularly defrag and I check the start up programs and services that are running to try and spot anything dodgy that might be going on. My trouble is, is that I wouldn't know what is and what isn't dodgy.
 
I was looking at another topic on here where a guy was told to download and run a few programs such as farbar etc which I've done but I have absolutely no idea how to read the results and what if anything I can do.
 
Is there anyone that can take a look at the performance of my computer and just give me some general advice on what I can do to try and speed it up a little?
 
Many thanks
 
 
SP

A:AVG detected a Trojan horse whilst trying to update adobe flash

Please download TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example).
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.

Click Start Scan and allow the scan process to run.

If threats are detected select Skip for all of them unless I instruct you otherwise.
Click Continue.

Click Reboot computer.
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply.

===================================================
aswMBR
--------------------
Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here.
Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.
NOTE:  aswMBR will create MBR.dat fil... Read more

Read other 13 answers
RELEVANCY SCORE 57.6

I keep getting 2 trojan horse downloaders on my avg residential alerts, computer powers off and blinks yellow, attached hijack this log

My AVG residential alert keeps showing recurring trojan horse downloaders (2 of them) located at C:System Volume Information, computer won't stay on for more than five minutes and powers off with a blinking yellow start button light on my Dell Optiplex

A:Trojan horse downloader, powers off blinking yellow power light

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 19 answers
RELEVANCY SCORE 52.8

Hello, i have downloaded something that im not sure of.... and i deleted it right away!!!!
Plz help me!

I will give u a HIJACKTHIS log, And a A-Squared Virus Scan Report.
1. A-Squared Anti-Malware Virus Scan Report

a-squared Anti-Malware - Version 3.5
Last update: 5/3/2008 8:24:50 PM

Scan settings:

Objects: Memory, Traces, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 5/3/2008 8:32:02 PM

C:\Documents and Settings\Dark\Local Settings\Temp\A18D-tmpapi.exe detected: Trojan-Downloader.Win32.Peregar.cg
C:\Documents and Settings\Dark\Local Settings\Temp\A191-tmpapi.exe detected: Trojan-Downloader.Win32.Peregar.cg
C:\Documents and Settings\Dark\Local Settings\Temp\A197-tmpapi.exe detected: Trojan-Downloader.Win32.Peregar.cg
C:\Documents and Settings\Dark\Local Settings\Temporary Internet Files\Content.IE5\3FSVT8RU\drv32[1].data detected: Trojan-Downloader.Win32.Peregar.cg

Scanned

Files: 17743
Traces: 393643
Cookies: 0
Processes: 37

Found

Files: 4
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 5/3/2008 8:38:47 PM
Scan time: 0:06:45

P.S. this scan was not complete!
2. Hijackthis Scan Report!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:29 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\... Read more

A:Virus / Spyware / Downloaders plz help!

i just remembered the thing i downloaded was from a video i was going to watch but it said something about ''Video ActiveX Object Error'' so i downloaded it.. and ran it and internet explorer came up and with a google search of ''Porn'' and something else came up saying ur computer is highly infected
 

Read other 1 answers
RELEVANCY SCORE 52.8

Hello, i've scanned a complete scan with.. ''SuperAntiSpyware Pro'' - ''A-Squared Anti-Malware'' (sorry for grammar)

I don't have the A-Squared Anti-Malware Scan Report

Here is the SuperAntiSpyware Pro Scan Report

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/04/2008 at 01:12 AM

Application Version : 4.0.1154

Core Rules Database Version : 3452
Trace Rules Database Version: 1444

Scan type : Complete Scan
Total Scan Time : 00:28:13

Memory items scanned : 470
Memory threats detected : 1
Registry items scanned : 4128
Registry threats detected : 36
File items scanned : 12660
File threats detected : 10

Trojan.Unclassified/Multi-Dropper (Packed)
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LSZUXIDE\NCHKXELA.EXE
[310vLfCclX] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LSZUXIDE\NCHKXELA.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LSZUXIDE\NCHKXELA.EXE
C:\WINDOWS\Prefetch\NCHKXELA.EXE-0D8EE804.pf

Trojan.Unclassified/Multi-Dropper
[jvsnvhjs] C:\WINDOWS\SYSTEM32\NYJMNWNO.EXE
C:\WINDOWS\SYSTEM32\NYJMNWNO.EXE
C:\WINDOWS\Prefetch\NYJMNWNO.EXE-1B98009E.pf

Trojan.FakeAlert-Pinch/N
HKLM\Software\Classes\CLSID\{69F6C0AE-0C78-4999-B6D1-62932A265C5D}
HKCR\CLSID\{69F6C0AE-0C78-4999-B6D1-62932A265C5D}
HKCR\CLSID\{69F6C0AE-0C78-4999-B6D1-62932A265C5D}
HKCR\CLSID\{69F6C0AE-0C78-4999-B6D1-62932A265C5D}#AppID
HKCR\CLSID\{69F6C0AE-0C78-4999-B6D1-62932A265C5D}#Lo... Read more

A:Virus / Spyware / Downloaders

Hello darkgifts2 and welcome,

If you still require assistance, please note that we prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help....

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "... Read more

Read other 1 answers
RELEVANCY SCORE 52

I recently acquired a virus/trojan that started by dropping my firewall. I'm not entirely certain where I picked it up, but believe it was an application on Facebook.

Either way, it has blocked my access to the registry, and constantly opens new tabs / hidden buttons on my laptop. Many of the new tabs are from http://sagipsul.com/go/?cmp=vm_mg_juan&uid=A7BE4696DE8B11DD8B7C166350CFFFFF&lid[...]&cl=superjuan The information in [...] varies dramatically and is lengthy, but the detail listed is the same from popup to popup.

First, I used AVG Free to scan. It found and removed several files and threats, but not the virus. I then used System Mechanic 4, which shows multiple registry errors. However, it will not fix them as "Registry editing has been disabled by your administrator". I have tried to run regedit, but get the same error message.

Can you help? This is the computer I use for work and my online business. It is critical (to me) to get it fixed.

Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:26 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C... Read more

A:Crypt Virus and Trojan Downloaders

Although I didn't really want to resort to a complete reinstall, it was urgent to resolve the problem.

For everyone who looked at my post, thank you.
 

Read other 1 answers
RELEVANCY SCORE 51.6

ok i just reformatted my Dell Computer.

and im getting all pop ups and something downloaded automatically on my pc after 20 minutes... i uninstalled and deleted in folder by the name of it

Works fine but one thing now

( i got Avast4! btw just downloaded and installed )

most of the time when i click a link i search on google.com like
i search this website

Google.com > Tech Support Guys > then sometimes it goes to a different website then it should go to....

pop ups seem to under control

I blame norton

LOL I JUST GOT A LITTLE ERROR LOOK-A-LIKE POP UP SAYING

Get Free Viagra

.... please fix that lol

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:27:12 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\ju... Read more

A:Popups / Trojan / Virus / Downloaders / THIS IS MAJOR

Read other 10 answers
RELEVANCY SCORE 51.2

Hello,
I went on page that, it seems, changed my homepage and the next time i opened IE, I was infected with trojan downloaders. Now, when i open IE, I get a screen where "Second thought" tries to install itself and asks for me to "press enter". And another copy of this page starts every, like, 10 secs, so i have to unplug my router and it stops, so i scan with AVG and SpyBot and clean everything, and change my homepage. But still, when i re-open IE, all the sh*t gets downloaded again and asks me to press enter.

There seems to be no more traces of it but it all comes back with the opening of IE.
So I don't know what to do and I'm asking your help, thanks.

I'll post my HijackThis log if it can help:

Logfile of HijackThis v1.98.0
Scan saved at 16:09:59, on 2004-07-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BullGuard\BullGuard Scan Server\bdss.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\BullGuard\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program... Read more

A:When i open IE, I get trojan downloaders, even if anti-virus said im clean, help!

Read other 16 answers
RELEVANCY SCORE 50.4

Hi, I need help getting rid of a virus. I went through all of the steps and have already attached my active scan txt. and my hijack this txt. Any help would be greatly appreciated. Thanks, Kevin

A:Help getting rid of Trj/CI.A Trojan virus

Hello, sorry for the delay getting to you!

Let us know if you still require help!

Cheers.

Read other 7 answers
RELEVANCY SCORE 50.4

Hi,

hope you can help, here is my problem.

When I try to log in a box pops up which reads C:\WINDOWS\SYSTEM32\JKKLK.EXE WINDOWS CANNOT ACCESS THE SPECIFIED DEVICE PATH OR FILE YOU MAY NOT HAVE THE APPROPRIATE PERMISSIONS TO ACCESS THE ITEM.

Then another box pops up which reads DESKTOP, COULD NOT LOAD OR RUN C:\WINDOWS\SYSTEM 32\JKKLK. EXE SPECIFIED IN THE REGISTRY. MAKE SURE THE FILE EXISTS ON YOUR COMPUTER OR REMOVE THE REFERENCE.

Some icons on my desktop will not open.

Kind Regards Joe Walmsley

A:Trojan Virus?

That particular alert is informing you of a leftover registry key that was linked to a file that has been deleted. The file in question is a baddie.

Given the fact that you have other problems, I think there is still malware aboard. I suggest that you scan with SuperAntiSpyware in safe mode.

Download and install SUPERAntiSpyware free found here: http://www.superantispyware.com/superantis...efreevspro.html

Be sure to click on the download button to the left, not on the free trial download on the right. Install it and double-click the icon on your desktop to run it.

- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others unchecked.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To ... Read more

Read other 2 answers
RELEVANCY SCORE 50.4

running windows xp service pack 2 avg picked up a virus and need help deleting it thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 6:50:50 AM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mdg.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\T... Read more

A:how do i get rid of this virus (Trojan)

What is the infected file name and location?
 

Read other 2 answers
RELEVANCY SCORE 50.4

An error is coming up at startup and says an IE error has occurred 0028:C0011E36 in VXD VMM(01) + 00010E36. Error caused by Trojan-Spy.html.smitfraud.com

System cannot function in normal mode.

It also tells me to run virus removal software to remove the virus. The computer is running windows 98. In safemode the CD rom is not detected and in normal mode I cannot open anything. When I click on my computer or the start menu the computer completely freezes. How do I remove the virus when I can't open anything?
 

A:Trojan-Spy virus

I have the HijackThis file saved on a CD rom but the computer will not read the cd rom in normal or safe mode. Also I can't access anything on the computer. It's a pain!!!
 

Read other 3 answers
RELEVANCY SCORE 50.4

I have recently picked up a Trojan type of virus. It irritates the hell out of me.
the warning says something like you have viruses go to this website to clean them.

here is hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05, on 2008-08-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
C:\Program Files\Vista Rainbar\Rainmeter.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinFlip\WinF... Read more

A:VIRUS, or Trojan!!!!

Read other 11 answers
RELEVANCY SCORE 50.4

Couple weeks ago i got a virus that i couldn't get rid of and had to take my puter in to
the shop to see if they couldn't figure it out (it would disconnect every 9 minutes)
They fixed that problem but the computer is so slow now, and i thought before
i take it to them (again) i would ask you all to look at my Hijackthis log to see if you can't
find what's going on.
Logfile of HijackThis v1.99.1
Scan saved at 10:36:31 AM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\hkcmd.e... Read more

A:Trojan virus

Read other 16 answers
RELEVANCY SCORE 50.4

I have run adaware, avg, and spybot over the last 4 days and it still keeps coming back. What am I missing?

A:Need help with Trojan virus

Hi Terranceosmith3,
Please do not create multiple posts about the same thing.

I have replied to your first post here

Matt

Read other 3 answers
RELEVANCY SCORE 50.4

I have a virus/Trojan C:\progra~1\1winmx\winmx.exe.~m

It also creates a folder sysdll that contains about 300 programs. I have deleted the folder with no problem. My "cleaner" found the virus and deletes it but every time I reboot both come back.

Any help?
-dan
 

A:virus/Trojan

Read other 16 answers
RELEVANCY SCORE 50.4

I keep getting viruses-every couple days. I run my AVG each night at 5pm-sometimes it comes out clean other times it detects a virus and either fixes them or puts them in the vault. This all started a couple weeks ago and it's caught about 4-5. Why all of a sudden am I getting viruses? In all the years I have had computers I never got a one? Anyone know why? Thanks!
 

A:Trojan virus

Read other 10 answers
RELEVANCY SCORE 50.4

Hi,

Thank you for your help. It has been about a year or more since the last time my computer system was compromised. I thank this site and its experts for giving me excellent advice about what antivirus programs to use.

I am using both F-Secure and Superantispyware.

Unfortunately, we have been hit by a foe our software can't take down.
Please help. Joe B.

here is our HIJACK THIS LOG>>

Logfile of HijackThis v1.99.1
Scan saved at 3:22:51 PM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\VTTimer.exe
E:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
E:\WINDOWS\system32\tbctray.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
E:\Program Files\F-Secure\Common\FSMA32.EXE
E:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
E:\Program Files\Citrix\GoToMyPC\g2svc.exe
E:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFS... Read more

Read other answers
RELEVANCY SCORE 50.4

Hello,

I have a virus that will not allow me to download programs or run the internet (unless I run it as administrator). The virus pops up as Windows Vista Antivirus and then says that a Trojan virus has been detected. The virus is listed as: Trogan_BNK.Win32.keylogger.gen. What steps should I take to remove this?

Thank you so much!
Tiffany

A:Trojan Virus

Please read the procedure here

http://www.bleepingcomputer.com/virus-removal/remove-vista-security-2012

Good luck

Read other 1 answers
RELEVANCY SCORE 50.4

I have been trying to get rid of this trojan horse virus for a few weeks now, and haven't succeeded. I don't believe in buying spyware because most of the time the free versions work just as well. So I have AVG free and eusing free registry cleaner. I had ad-aware, but thought it may be causing problems, and deleted it. I also have malware bytes free, and use it often. I have checked with my ISP and they said it's my computer. I also had a major breach with my facebook account, but don't think it's related. I happened to be in my own email address book, (to send back and forth from my laptop). So I kept sending myself spam links along with several of my other friends in the address book. Please help. I can send you the long list of spam link this is associated with. Thanx in advance.

A:Trojan virus?

I am not a computer geek and don't know what you mean about a combo-fix log. Sorry to confuse people... And I wouldn't have been on the XP forum page if I had a different system, I thought they were separate. I'll try to be more brief and precise.

Read other 1 answers
RELEVANCY SCORE 50.4

I am not sure what is going on with my PC. The first thing I noticed is strange sound effect after login on PC. The sound is something worthy of a Star Wars movie. (I have shut off "play windows sounds" thinking that would get rid of it but nope.) I have no idea why my PC makes this sound on startup.
Then I have noticed in my "volume mixer" there is a "name not available" where you can control the sound of your different programs running. Again I have no idea what that is.

Here is latest adwcleaner log file. (C:\WINDOWS\SysNative\Tasks\Updater) <--this keeps coming back, whatever it is.
 
 
   # AdwCleaner v5.102 - Logfile created 16/03/2016 at 17:32:20
# Updated 13/03/2016 by Xplode
# Database : 2016-03-16.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Dee - DEXTER
# Running from : C:\Users\Dee\Downloads\adwcleaner_5.102.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\WINDOWS\SysNative\Tasks\Updater
***** [ Files ] *****
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1355 bytes] - [14/03/2016 15:56:21]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1210 bytes] - [14/03/2016 15:59:40]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C3].txt - [1582 bytes] - ... Read more

A:Do I have Trojan virus?

Greetings angaar and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================
Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise.

Please do not re-run any programs I suggest. If you encounter problems... Read more

Read other 31 answers
RELEVANCY SCORE 50

Hey Guys,

Thanks in advance for any help rendered.

I had a massive virus attack and spent 2 days trying to fix it (mostly by reading posts from this forum!). Things are back to normal now, but I was hoping you could check to see if there are any viral remnants, because I read that Cryptor and Vundo were notoriously hard to get rid of permanently.

I'm running Windows XP SP2 Home Edition (BTW - is it much safer to be using SP3?)

My pc got taken over and started popping up random sites and downloading more viruses. It changed my desktop and asked me to download anti-virus software.

AVG quarantined some viruses, but then I couldn't log into windows. Turns out userinit.exe was quarantined, preventing Windows from loading after the logon screen.

I used the Recovery Console on the XP disc to replace the userinit.exe to get back into Windows, but I couldn't use USB drives or Internet. Then I used Malwarebytes and SuperAntiSpyWare (downloaded them from another pc and burned them onto a disc to get it on my pc) to delete more virus traces.

Then I went back into the Recovery console and replaced the infected userinit.exe and wsaupdater.exe with a clean one from the xp disc.

Then I could finally use my USB drives and Internet after a hotfix. So I updated all my virus and spyware programs and did another check and quarantined more viral traces.

After all that I hope everything is clean, but I can't be sure.
Here's the HijackThis Log:
Logfile of Tre... Read more

A:Mega Virus Attack: Cryptor, Vundo, SHeur2, + Trojan downloaders

Read other 15 answers