
Worm:Win32/Emold.U detected

Q: Worm:Win32/Emold.U detected

My desktop changed and it had a warning saying I have been infected. Also, I couldn't start Task Manager. One or several popups started telling me to download removal tools. I did not trust these and didn't download anything. I updated my Windows Defender and ran scans. It did detect and remove different stuff with name variations of the one above. Still my desktop had the warning and I couldn't change the desktop image. I installed Microsoft Security Essentials and ran it. Again it detected and removed the same virus mentioned above but the desktop remained the same.

I searched online for what to do if I can't change the desktop and start Task Manager. Online I found instructions on how to go into Regedit and delete in Policy so I can now change the desktop picture and start Task Manager.

But I still get popup windows with ads. I get these in Chrome and in Explorer. The problem originally started when I was browsing in Chrome.

My ISP provides a free anti-virus program so I downloaded that and ran it. My ISP is cbeyond and the anti-virus program is called F-secure. After running all scans several times the problem still persists. Popups keep coming. Just a minute ago I was prompted to fill in an online survey for BleepingComputer. It looked legit so I filled it out in an effort to give something back to this site that I hope will help me solve this. After I filled it out it offered me some products and I realized it was the virus again.

It seems the anti-virus program is not able to remove this. Today an application called WilaWape.dll tried to access the internet. I denied it access to the internet since I am not aware of any program on my computer with that name.

When I read the log of the anti-virus software it states that it did find a riskware named PSWTool.Win32.SnadBoy.2011. This keeps coming back after each scan. See attached scanning report.

When I reboot the computer it tells me it couldn't find the program Logon.exe. I think that was installed by the virus; it looks like the anti-virus software removed it, but it still tries to start after each reboot.

I have Windows XP Professional, Version 2002, Service Pack 3.

Thank you for assisting me.

RELEVANCY SCORE 200

A: Worm:Win32/Emold.U detected

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. You will also be instructed to create a Root Repeal Log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post. Please be patient and good luck.

Read other 2 answers
RELEVANCY SCORE 94.8

My desktop changed and it had a warning saying I have been infected. Also, I couldn't start Task Manager. One or several popups started telling me to download removal tools. I did not trust these and didn't download anything. I updated my Windows Defender and ran scans. It did detect and remove different stuff with name variations of the one above. Still my desktop had the warning and I couldn't change the desktop image. I installed Microsoft Security Essentials and ran it. Again it detected and removed the same virus mentioned above but the desktop remained the same.

I searched online for what to do if I can't change the desktop and start Task Manager. Online I found instructions on how to go into Regedit and delete in Policy so I can now change the desktop picture and start Task Manager.

But I still get popup windows with ads. I get these in Chrome and in Explorer. The problem originally started when I was browsing in Chrome.

My ISP provides a free anti-virus program so I downloaded that and ran it. My ISP is cbeyond and the anti-virus program is called F-secure. After running all scans several times the problem still persists. Popups keep coming. Just a minute ago I was prompted to fill in an online survey for BleepingComputer. It looked legit so I filled it out in an effort to give something back to this site that I hope will help me solve this. After I filled it out it offered me some products and I realized it was the virus again.

It seems the anti-virus program is not able to remove this. Today an a... Read more

A:Infected with Worm:Win32/Emold.U

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 8 answers
RELEVANCY SCORE 75.6

I got hit with an intrusion a few days ago. I found a lot of information regarding the problem (AntiVirus Suite 2010 scam) online and thought I had totally removed the threat. However, every time since I completed the fix that I've run a Malwarebytes and/or Avast scan, they both pick up infected files in the same folder on my computer. I've tried to let those programs quarantine/remove the infected files but they are not having success. I've tried to manually delete the infected file in Windows as well as in safe mode and from DOS startup without success. (An error keeps popping up saying that there are not enough "resources" to access the file.) My computer seems to be running without a hitch, but I am still concerned about a potential security threat. Should I be concerned about these files, and if so any ideas on how to fix the computer without reinstalling Windows and starting over? Below is a cut and paste of the log from a recent Malwarebytes scan (one thing to note is that MB shows only three threats in that file; Avast shows 1,909 threats in the same location). Any thoughts or help?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4953

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/28/2010 8:15:13 AM
mbam-log-2010-10-28 (08-15-13).txt

Scan type: Quick scan
Objects scanned: 5817
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Key... Read more

A:emold worm

Looks like a newer variant and we'll need a deeper look. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.

Read other 3 answers
RELEVANCY SCORE 72.4

I got hit with an intrusion a few days ago. I found a lot of information regarding the problem (AntiVirus Suite 2010 scam) online and thought I had totally removed the threat. However, every time since I completed the fix that I've run a Malwarebytes and/or Avast scan, they both pick up infected files in the same folder on my computer. I've tried to let those programs quarantine/remove the infected files but they are not having success. I've tried to manually delete the infected file in Windows as well as in safe mode and from DOS startup without success. (An error keeps popping up saying that there are not enough "resources" to access the file.) My computer seems to be running mostly without a hitch except that the Windows Defender automated update feature has been disabled. I am still concerned about a potential security threat. Should I be concerned about these files, and if so any ideas on how to fix the computer without reinstalling Windows and starting over? Below is a cut and paste of the log from a recent Malwarebytes scan (one thing to note is that MB shows only three threats in that file; Avast shows 1,909 threats in the same location; GMER also caught +/-1,900 executable files here). Also below/attached are both the DDS and GMER logs. Any thoughts or help? Can't thank you enough.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4953

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/28/2010 8:1... Read more

A:emold worm (AntiVirus Suite 2010 scam)

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open wit... Read more

Read other 43 answers
RELEVANCY SCORE 67.6

Here is what happens:

I turn on the computer (my brother's) and everything is fine; it shows the Welcome screen. Before anything (icons or desktop) shows, a pop-up appears that says the following:

Spyware Alert - Security Warning - Worm.Win32.Netsky detected on your machine. This virus is distributed via the internet through email and active-x objects. The worm has its own SMTP engine which means it gathers emails from local computer and redistributes itself. In worst cases the worm can allow attaches to access your computer, stealing passwords, and personal data. Viruses can damage your confidential data and work on your computer. Continue working in unprotected mod is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, VISTA, 7
security risk: 5
recommendations: It is necessary to perform full system scan.

Only after I click "ok" or close the popup will the desktop, icons, and programs load. As the programs are loading during startup, Window Security Center opens, and also some AntivirusLive performing some sort of "scan".

I was going to try to start this method:
http://www.bleepingcomputer.com/forums/ind...3&hl=netsky

I downloaded the programs on my computer (this one), saved the programs on a flash drive, then moved them to the infected computer's desktop, but when I tried to open the ATF Cleaner a pop-up says:

Application cannot be executed. The file atf_cleaner.exe is infected. Do you want to activate the antivirus software now?

Started it on safe mode to try t... Read more

A:Worm.Win32.Netsky detected

Well, I'm still here if anyone is interested in helping...

Read other 1 answers
RELEVANCY SCORE 66.8

Hi, I really need help. My Sony Vaio laptop keeps coming up with messages saying it's been affected by worm.win32.net booster, and every time I log in to my computer three programs are on the desktop; I've never seen them before. Could someone please help me?

PS: the computer is an XP

A:Please Help My Laptops Detected Worm.win32.net Booster

Run a full system scan with Malwarebytes' Anti-Malware in Normal Mode (Instructions).

Read other 2 answers
RELEVANCY SCORE 66.8

Hello new to this forum

I recently just upgraded my Dell Inspiron E 1705 from XP to Windows 7.
When I'm searching for something on google it would send me to a random website or say that the website may contain a virus or unprotected etc.

After I restarted the computer and turned it back on, I came to this problem of only seeing my cursor on my desktop with a black screen and could not do anything except Ctrl+Alt+Delete to see my task manager and shut down. I tried restarting over and over hoping it would just go away. I am now using my work company to write this message and find a solution. I tried reinstalling my Kaspersky onto my computer after I upgraded to Windows 7 and it says I have a risk on my computer but I never could get my Kaspersky to fix the problem.

During a restart of the computer I received a message telling me Worm.Win32.NetSky detected on your machine and suggested I do a full system scan. So I x'd out the warning and the computer just showed a blank black screen with just my mouse cursor.
This is where I looked online on my work computer to see if I could find a solution and found this tech support forum on Google and saw someone had the same PROBLEM as me.

The only way I was able to get online from my computer is if I signed on in Safe Mode. I would appreciate the help you could give me. I am a wreck without my personal laptop at home and will go crazy. ANY help will be very appreciated. Hope you had a HAPPY NEW YEAR and HOLIDAY!!... Read more

A:Worm.Win32.NetSky detected on your machine

I suggest that you proceed to our Security Center, Virus/Trojan/Spyware Help Forum, to have your system reviewed by a Security Analyst. Please be sure to follow THESE STEPS carefully before posting your logs in the Security Forum.

Please be patient as the Security Analysts are very busy and one will get to you as soon as possible.

Regards. . .

jcgriff2


Read other 1 answers
RELEVANCY SCORE 66.8

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by RicardoBurton at 17:48:02.19 on Mon 01/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.556 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\RicardoBurton\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US ... Read more

A:Worm.Win32.NetSky detected on your machine

Hi,

Please do the following:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ..... Read more

Read other 6 answers
RELEVANCY SCORE 66.8

Hello, I'm new on this forum and as you can see instantly I have a problem. Yesterday I started getting pop-ups which said this:

Worm.Win32.NetSky detected on your machine. This virus is distributed via the Internt through e-mail and Active-X objects. The worm has its own SMTP engin which means it gathers e-mails from your local computer and re-distributes itself. In worst case this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recomendations: Click Yes to remove it from your PC immediately

and this

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacts, hijacking attempts and spyware! Click to download spyware remover for total protection

Also my task manager was blocked and I had to do the following:

Click on Start, Run and type the following command exactly and press Enter

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Windows XP is my OS and I'm using Zone Alarm Pro.

This is my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:40, on 22.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running proc... Read more

A:Worm.win32.netsky Detected On Your Machine

Problem solved with Rogue Remover and HijackThis!

Read other 2 answers
RELEVANCY SCORE 66.8

I woke up this morning and found this was happening: I was getting pop-ups saying I have this virus on my PC and now I'm upset, lol.

I looked at a few different places, but all I could get was to download some HijackThis thing, so I did that and here is the log that I got:


Deckard's System Scanner v20071014.68
Run by Administrator on 2007-11-22 11:37:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
54: 2007-11-22 01:07:57 UTC - RP68 - Deckard's System Scanner Restore Point
53: 2007-11-22 00:32:52 UTC - RP67 - Installed Symantec Technical Support Web Controls
52: 2007-11-21 03:11:54 UTC - RP66 - Printer Driver Sonic PDF Installed
51: 2007-11-20 05:55:43 UTC - RP65 - System Checkpoint
50: 2007-11-19 05:54:33 UTC - RP64 - System Checkpoint
-- First Restore Point --
1: 2007-10-18 11:03:47 UTC - RP15 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 1.43 GiB (less than 15%) free.
-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:10 AM, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSI... Read more

A:worm.win32.skynet virus detected

Hi and welcome to TSG,

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter". A text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

Read other 3 answers
RELEVANCY SCORE 66.8

Hello new to this forum

Recently purchased a new HP laptop and have recently encountered a pretty big problem.

It started when the computer seemed to be running fairly slow, especially for a brand new computer. Then internet Google searches started taking me to random websites, only allowing me to go to websites by directly putting the link in the address bar. I have a Norton free trial for a couple months but received a McAfee antivirus as a gift so uninstalled Norton and installed McAfee. Well, I had a problem once McAfee was installed: I thought it was weird that it did not ask me for the Product Key that came with the CD and could find nowhere that allowed me to enter it. So I tried to uninstall and reinstall, and during this process, during a restart of the computer, I received a message telling me Worm.Win32.NetSky detected on your machine and suggested do a full system scan. So I clicked OK on the warning and the computer just showed a blank black screen with windows popping up telling me a couple programs have stopped working. This is where my story ends. I am stuck here, and if I can get some help to resolve this problem it would be greatly appreciated. Thank you.

Thank You

Read other answers
RELEVANCY SCORE 66.4

My computer noted that I was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background changed to a red and black image saying that my privacy is in danger. I loaded Spyware Doctor and it continues to give me pop-ups saying "Spyware Doctor blocked an application regsvr32.exe attempting to access a file. Path c:\windows\popnetdpt.dll Threat adware.agent.bn"
The following is my Hijack this log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:05 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice... Read more

A:worm.win32.netsky detected. Hijack this log included.

Read other 15 answers
RELEVANCY SCORE 60.8

Hello,

My computer became infected last night, and it's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on DVD, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.

The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY; I didn't get the others in time.

The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.

I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since Windows now thinks I have no anti-virus installed.

All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.

EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we... Read more

A:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.

I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite of what it says when you log into the limited user account). The computer (and specifically that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?

Should I scan from a Pre-install environment like BartPE? Or from the regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.

Other than running Windows Defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.

Does no one have any ideas???

Read other 5 answers
RELEVANCY SCORE 60.4

Hi,

I seem to have a virus, worm and/or Trojan horse. I think I got it off of Limewire. I accidentally downloaded a .exe program (which I never do - except this time - idiot!) and I believe that's when I got it/them.

Per the prep guide, I have cleaned out my temporary internet files, temp files and recycling bin.

I have updated versions of Ad-Aware SE and Spybot and have run them both, restarted my computer and then run them again.

I have run Housecall Anti Virus and Bit Defender (twice each), but couldn't get Panda Anti Virus to work. I have also run McAfee VirusScan (build 9.1.08 engine 4.4.00 DAT version 4.0.4585) and Bazooka Scanner v1.13.03 ("nothing detected").

I have loaded and run McAfee AVERT Stinger.

I have McAfee Personal Firewall Plus (6.1.6144) running and is up-to-date. It is blocking specifically winlog.exe and svchost.exe. My firewall detected winlog.exe trying to connect to the internet immediately when I accidentally (and stupidly) downloaded that .exe file. I blocked all access to the internet for it. I believe the svchost.exe was blocked previously, but I don't remember. Setup.exe (outlook.exe) is also blocked for some reason (I tend to block any connection that I'm not sure about). Run a DLL as an app (rundll32.exe) is also blocked. Most other stuff I recognize. Except for ping.exe (ping.exe). That's, for some reason, at "allow full access". Is this okay?

I am running Windows XP SP2 that is up-to-date. My browsers are IE (v 6.0.2900.2180.xpsp_... Read more

A:New Malware!bot, Win32.worm.vb.ymeak.a, Win32.worm.vb.dw And Backdoor.rbot.cmn

Hi KevinF2020 and Welcome to the Bleeping Computer!

1. Please download Ewido Anti-Malware
Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (... Read more

Read other 19 answers
RELEVANCY SCORE 59.2

this is like the nth time i've tried posting this. ie keeps crashing just before i hit the post button.

anyway, i'll keep this short lest i die of frustration once my ie crashes again.

pleasepleaseplease help me get rid of the trojans/worms infecting my pc. right after i noticed my exe files going wonky (double clicking only yielded a black windows script/run box instead of opening the program), i scanned my pc using trendmicro, which zapped a couple of problems. when i commenced scanning using panda, my pc crashed and kept restarting. so i ran it in safe mode, scanned using bitdefender which deleted most of my exe files (since i didn't realize my preferences were set at disinfect/delete.)

according to the scan results, my pc was infected with a couple of strains of the PWS Trojan: PWS.OnlineGames., Generic.PWStealer., Generic.Onlinegames., Trojan.Dropper.OnLineGames.A, DeepScan:Generic.Malware., Trojan.PWS.Nilage and Win32.Worm.Delf.NDQ and Win32.Worm.Viking among others.

after the online scans, here are the things i've done so far:

1. installed ad-aware and scanned in safe mode
2. installed spybot and scanned in safe mode
3. spybot ran diagnostic scan after restart. was able to run windows in normal mode
4. scanned using avg, disinfected
5. scanned using ad-aware.
6. scanned using spybot. went on with my life for a couple of days.
7. scanned using spybot. found a couple of threats... disinfected and clicked immunize. no more threats found after
8. scanned using ad-aware. no results oth... Read more

A:Win32.worm.delf, Win32.worm.viking, Pws.onlinegames, Among Others

Welcome to the BleepingComputer HijackThis Logs and Analysis forum pill. My name is Richie and i'll be helping you to fix your problems.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if ... Read more

RELEVANCY SCORE 54

I just found this result from my virus scan (Inoculate PE):
c:\unzipped\shareing\kazaa lite\my shared folder\muppetpt.zip>funny muppet.exe - Win32.Choke.45056 worm.

I have no idea what to do with it

I'd love some please
 

A:[Resolved] Help with worm virus (win32.choke.45056.worm)

RELEVANCY SCORE 53.6

hi, kaspersky scan (included at the end) came up with a few infections, please help me with removal logs:

A:got Trojan.Win32.Agent.asvc Trojan-GameThief.Win32.Magania.amrr Worm.Win32.AutoRun.trh

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do... Read more

RELEVANCY SCORE 53.6

Hello, I'm currently working with my girlfriend to resolve a computer issue. She recently had her e-mail account and photobucket account compromised, and as a result - I wanted to help her clean out her computer and make sure everything is clean. In doing so, I've run across a worm that I'm unable to guide her through removing myself. I'm not computer illiterate, but no genius either, which brings me here asking for your help.

I've had her run Spybot S&D, which turned no results other than cookies and such. I had her run Ad-Aware, which turned up Win32.P2P-Worm.Alcan.a. This is where I've begun having issues. I've googled it, tried a few of the fixes that people have posted to no avail. I had her run hijack this and retrieve the logfile for me. I'll post it below.

If anyone could provide some help cleaning this worm out of her system, it would be much appreciated, as I'm clueless to what to do next.


A:Virus/Worm Issue - Win32.P2P-Worm.Alcan.a

RELEVANCY SCORE 53.6

ok well i was JUST infected with this worm? i guess, and it gives me the same pop-up over and over "spyware alert" and some other ones
it tells me 2 download some software
but i haven't nor will i
so some one please help me !
 

A:HELP ASAP Worm.Win32.netsky i have that worm please help me remove it

RELEVANCY SCORE 52.8

my computer problem and solution center detects that i have a virus W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm. I tried downloading spyhunter to remove it but it keeps crashing. I have spy doctor but when i run it says i have no viruses. my computer has begun to freeze up and my firefox and windows live does not respond at all. below is my dds report

A:W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 52.8

...ok, i don't remember having this, but...under windows "problem reports and solutions", under "information about other problems", there is 1 called "virus alerts".

It says:
"Remove the W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm from your computer
This problem [i don't know what problem they're referring to] was caused by W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm, a known computer virus"

this probably happened in the past. so...
1) how do i 100% make sure it's off my computer?
2) so far, i don't THINK (think, still unsure) that it's still in my computer. but if it isn't then why do i have that "virus alert" thing under "information about other problems" under "problem reports and solutions"?

A:W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm

What program is alerting you to the infection? Can you create a screenshot, upload it to an image site such as Photobucket, Media Fire, TinyPic or ImageShack and provide a link to the url address back here?
To capture a screenshot, refer to:
Windows XP: Take a screen shot
How to Take a Screenshot in Windows XP or Vista
How to take and share a screen shot in Windows <- also includes instructions for uploading

RELEVANCY SCORE 52.8

Today my laptop became infected with a worm. I followed advice on this forum and used smitfraudfix, atf cleaner, and superantispyware to remove the problem. I also have run a malwarebytes scan but my laptop remains VERY VERY VERY slow. It takes about 4 minutes just to log onto the internet and it freezes a lot. Also, my ctrl alt delete (which until today worked fine) refuse to function. I cannot very well give you a hijackthis diagnostic report because I cannot get online to post the results due to the slowness of my computer.

Please help! I can get on long enough to probably be able to download something but that would be it.

A:Worm.win32.netbooster Got Rid Of Worm But Need Help With Followup

See if you can update MBAM and SAS, after that disconnect from the internet, you might need to pull the power to your router/modem if you use wireless
Run MBAM from normal mode, let it cure anything, then boot into safe mode and run atf cleaner and then SAS
http://www.bleepingcomputer.com/forums/ind...mp;#entry839950
Follow these directions please
If you are using Vista please advise as ATF Cleaner does not work quite right

RELEVANCY SCORE 52.8

Hello,
 
I need some help with this message, made me kind of worried.
Today this message popped up from the action center, then it got archived automatically, so i have no idea if the virus is still around.
I got Eset nod32 antivirus 5 running and usually it detects stuff but this time no message at all.
 
Ran an in-depth scan with eset and it didn't show any threats.
Also tried microsoft malicious software removal tool and it shows 4 infected files but then when it finished it said no malicious files found?
 
Appreciate any help i can get.
 
Thanks!

A:"W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm"

Hello forma and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the rem... Read more

RELEVANCY SCORE 52.8

When my dad ran Ad-aware it found the win32.worm.kido file on this Windows Vista computer. Upon reboot the computer deleted the file. I then ran malware bytes and I believe it removed some files, I will post the log because i'm not sure how to read it. I ran Superantispyware and it found some tracking cookies and I deleted them, no other abnormal files found. I then ran McAfee and it did not find any viruses. I wanted to make sure the system was clean so I ran a Panda online scan and it found the conficker C worm on the computer. I believe he has windows auto update turned on so Vista should be up to date. I will post the ad-aware log, malware bytes, and panda scan logs.

I have followed all the preparation guidelines except the rootrepeal acted as such when scanning the files section: first attempt crashed rootrepeal program, second attempt made computer restart, third attempt windows explorer crashed and restarted and rootrepeal was frozen. I ran rootrepeal with everything except the files section checked and I will post that log.

With this conficker infection should we change the windows logon password, and various service passwords (facebook, myspace, online banking)? Also, two camera memory cards were plugged into the laptop and two usb drives how do I go about scanning those, I told them to not put them in any other computers for now.

Here are the logs:

Adaware
Logfile created: 12/2/2009 05:19:48
Lavasoft Ad-Aware version: 8.1.2
User performing scan: Michael
**********... Read more

A:Win32.Worm.Kido and W32/Conficker.C.worm


RELEVANCY SCORE 52.4

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files. Now, when I login, it immediately logs off. (This happens regardless if I "Start Windows Normally" or go into "Safe Mode") Obviously, before I can post/attach a DDS or HJT log and begin the process of removing the malware, I will need assistance getting logged in. Thanks in advance for your assistance.

============================================

Spyware Alert!

Security Warning!

Worm.Win32.NetSky detected on your machine.
This virus is distributed via the Internet through e-mail and Active-x
objects.
The worm has its own SMTP engine which means it gathers e-mails
from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vi... Read more

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can get you started. ~ OB

RELEVANCY SCORE 52.4

It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on the other day, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files and got caught in the Login/LogOff loop. I am now able to get logged in after following the advice here: http://windowsxp.mvps.org/peboot.htm (Thanks to BartPE, What a great tool!). Now, when I try to launch most any (I hesitate to say ALL) applications, even the Task Manager, I get the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message.

When I ran DDS it did not automatically open the logs in Notepad, even though I still have the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message open so that I could get DDS to launch. (I saw this suggestion somewhere as a work around.) Instead I found them in "C:\WINDOWS\Temp" and have provided them here. Also worth mentioning, I noticed that there were two additional files with the same date/time stamp in the "... Read more

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ


RELEVANCY SCORE 52.4

Hi
my comp has been infected and i really need you guys to help, it's running at 100% cpu as soon as i try to run anything and is very slow, i've run various anti virus programmes but can't shift these ones:
SYSPROTECT, Win32.Jeefo.a, Email-Worm.Win32.Sober.z

i get the friend finder pop up and it keeps telling to download a virus programme

hope you guys can help.
here is my hjt log


A:Solved: SYSPROTECT,Win32.Jeefo.a,Email-Worm.Win32.Sober.z PLEASE HELP REMOVE!!

RELEVANCY SCORE 52.4

My avast antivirus software keeps detecting recurring instances of a Win32: Sality virus, along with Malas.B [wrm]. I scanned the infected files with an online Kaspersky tool, and it said they were infected with P2P-Worm.Win32.Malas.r.

I've been getting these messages every once in a while for a month or two now. I've scheduled boot-time virus scans with avast, and other anti-virus programs without successfully detecting anything.

I've noticed some of my processes refuse to exit, even though I start task manager to end the process/process tree. Such includes Firefox and Chrome processes, even though the programs have already disappeared from the screen. Additionally, whenever I start Avast, I am blocked from accessing the internet with chrome, internet explorer, or firefox.

Could anyone lend a hand? Thanks!


A:Antivirus Detects recurring instances of P2P-Worm.Win32.Malas.r, Win32: Sality

RELEVANCY SCORE 52.4

Hi guys need some urgent help.... i have AVG 8.5.427 free edition installed on my system, wherein the operating system is Windows XP Professional..... i ran a scan on my system and the scan reported Trojan Horse Generic11.ATHC and the resident shield log reported the remaining viruses (Worm/Downadup, Win32/Virut, Win32/Cryptor). I deleted the corresponding folders but still the system is very slow. It would be of immense help if anybody could provide expert advice on this matter. I am providing the hijackthis log herewith

A:Infected with Trojan horse generic11,Worm/Downadup,Win32/Virut,Win32/Cryptor

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ... Read more

RELEVANCY SCORE 52

Hello,

I have a Dell Latitude CPIa with Win XP Pro that seems to be infected with both a worm and a trojan. The trojan turned up first. Name Win32:Small-EPJ. while trying to remove it, I suddenly got warnings from my Avast that it was also infected with a Win32:Zhelatin-BJL worm. My questions are this. How do I remove them and is it possible to find out where I picked them up?

My deepest thanks to anyone who can help me!
After an avast bootscan I have two other trojans trying to make a connection with my laptop. They are Win32:Agent-Kir and win32:Agent-MEB

A:Probs With Win32:zhelain-bjl Worm & Win32:small-epj Trojans

Hello run these 2 items

1) Panda Activescan. This Online scan should find and remove most Virus/Trojans.

2) Next: download, install and update SuperAntispyware.
Then reboot back to Safe Mode
Scan your root drive (C:\) and quarantine all items found.

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
Do not run a scan just yet
Reboot in "SAFE MODE" using the F8 method and launch SUPERAntispyware.
In the main screen, under "Scan for Harmful Software" click Scan your computer.
There are three scanning options. Choose "Perform Complete Scan" and click "Next".
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure they all have a checkmark next to them and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked to reboot, click "Yes".
If not, select Close to exit the program and reboot normally.
Let us know how ut... Read more

RELEVANCY SCORE 52

Hello and thank you in advance,

I have attached the DSS reports and the Kaspersky report below. Besides having a slow computer, I have noticed that in my "suspect e-mail folder" in my Earthlink account I have lots of messages reading "delivery error" and there are a lot of messages I never sent. I'm pretty sure this would be the e-mail worm that's in the Kaspersky report. I'm not sure about all the rest. We use the Windows Firewall and AVG Free 8.0. I also have used SpyBot Search and Destroy. I think Kaspersky found more than everything else combined. Can you please help me clean up my computer? Thanks!!!

A:Trojan-downloader.win32.vb.ah And Email-worm.win32.sircam.c

Just wondering... how long does it take for someone to respond?

RELEVANCY SCORE 52

Hello - this is my first time posting (or even having a virus for that matter). My computer and flash drive have been infected with a virus (thanks to one of my colleagues) and I have spent hours trying to get rid of it. I am at the end of my rope! The virus originally showed up as "windowsmsnlive.exe" and I worked like hell to get rid of it, running NAV, Malwarebytes, and eventually SDfix. But somehow the virus kept coming back. I realized it was the autorun feature on my CPU and flash drives, so I disabled that and have not seen windowsmsnlive.exe for a couple of days. However, my paranoid nature will not allow me to believe that I have gotten rid of it and i am afraid to plug my flash drive into my home computer for fear of spreading something. I ran Kaspersky today and got the following report:

File name Threat Threats count
C:\Documents and Settings\Admin\Desktop\Docs and pics\autorun.inf Infected: Worm.Win32.AutoRun.efg 1
C:\Documents and Settings\Admin\Desktop\Docs and pics\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-2501\shellopen.exe Infected: Trojan.Win32.Buzus.bkbe 1
C:\SDFix\backups\backups.zip Infected: Trojan.Win32.Buzus.bkbe 1
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.Buzus.bkbe 1
C:\SDFix\backups_old1\backups.zip Infected: Trojan.Win32.Buzus.bkbe 1
E:\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-...

A:Trojan.Win32.Buzus.bkbe AND Worm.Win32.AutoRun.efg

Hello - this is my first time posting (or even having a virus for that matter). My computer and flash drive have been infected with a virus (thanks to one of my colleagues) and I have spent hours trying to get rid of it. I am at the end of my rope! The virus originally showed up as "windowsmsnlive.exe" and I worked like hell to get rid of it, running NAV, Malwarebytes, and eventually SDfix. But somehow the virus kept coming back. I realized it was the autorun feature on my CPU and flash drives, so I disabled that and have not seen windowsmsnlive.exe for a couple of days. However, my paranoid nature will not allow me to believe that I have gotten rid of it and I am afraid to plug my flash drive into my home computer for fear of spreading something.

Here is the DDS report:

DDS (Ver_09-09-29.01) - NTFSx86
Run by Admin at 8:38:16.14 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.509 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Sy...


Hi bleeping computer helpers,

I was infected by the worm.win32.autorun.avz which quickly overwhelmed my AVG scanner which was up to date and operating at the time.

I installed Kaspersky Internet Security 7.0.1.321 and it found over 230 examples of the autorun worm as well as lots of the trojan PSW.Win 32.OnLineGames.lej (and numerous other OnLineGames.---) as listed above. At first the virus was restarted every time I restarted the computer but now I have "clean" results from Kaspersky after multiple full system scans.

I have also done the following as per the instructions in the prep guide:
- Cleaned out temp files
- scanned with Ad-Aware and Spybot
- scanned with Housecall, Panda and Bit Defender
- Run McAfee AVERT stinger
- my Kaspersky firewall is active
- I have the latest Windows Updates downloaded and installed

All of these came back with a "clean" report with the following exceptions which I believe to be false positives based on googling the name of the "problem".

One or more of the scanners objected to the following issues:
LvPrcSrve.exe which I believe is a valid part of the Logitech Quickcam
wltrysvc.exe which I believe is part of the Belkin Wireless strength monitor
Keylogger \Driver\mhk which I believe is part of my BestCrypt program
SbRecovery.ini which I believe is part of Spybot
svchost.exe which I believe is a part of Windows despite Kaspersky telling me 5-6 times in a row that an "executable file has been modified since last s...

A:Worm.win32.autorun.avz And Trojan-psw.win32.onlinegames.lej And Also Ending W/ .lek .isb .loi .leh .hfr

Hello GDW and welcome to the BC HijackThis forum. Let's see what else shows up with a different scanner.

Before running the scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Check the box for Include MD5 on the toolbar.
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select ...


As you can see from the title, I got a bad infection. I am getting the same screen warning others are getting in other threads concerning this same infection. I am not on this computer as I am afraid to plug it into my home network. I used a memory stick to get this log. Can you please help me? Thanks in advance.
Here is the HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:34 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\...


Deckard's System Scanner v20071014.68
Run by rad on 2008-05-21 08:51:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 5.2 GiB (less than 15%) free.
-- HijackThis (run as rad.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:58, on 2008-05-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\...

A:Infected With Adware.win32.insider.d & P2p-worm.win32.kapucen.b

Hello Paularden and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complet...


Here is the history of the problem:

Two days ago using Firefox I entered a google search and a page came up explaining that I most likely had some sort of malware and they were blocking my search due to automated searches coming from my computer. The google page suggested I check with an Adware program. I did use Ad-Aware and it found and removed Win32.Worm.LovGate. However this hasn't appeared to be the end and my firefox has not been running as normal. I am vague on what else has tipped me off as to a continued problem however here are some other things I have noticed:

This website: <http://maplestreetpress.com/book.cfm?book_id=44> redirected itself all day yesterday to another website in turkish I believe.

Again my firefox seems to be running slower than usual, for instance I closed it sometime yesterday to again run Ad-Aware and it took forever to close and I was unable to use Ad-Aware to manually update a virus definition file until I used CNTR-ALT-DEL to end firefox.

I think I perhaps this program I also used after searching my worm came up with a removal software:
<http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/>

While installing my McAfee deleted "Generic PWS.y (Trojan) from c:\documents and settings\...\virus removal tool\is-0CI9R\is-1DDDQ.tmp

I have now downloaded the 8.0 version of Ad-Aware and just run it and it found and got rid of the Win32.Iroffer.1227 worm but the previously mentioned website problem has now just now ...

A:Infected with Win32.Worm.LovGate then Win32.Iroffer.1227

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 18:35:48
Records in database: 1424124

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 94300
Threat name 4
Infected objects 4
Suspicious objects 0
Duration of the scan 02:45:29

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1
C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1

The selected area was scanned.
--------------------------------------------------------------------------------
Logfile of random's system information tool 1.04 (written by random/random...

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any scr...


I've been having problems staying online, I've changed modems but it does not help whatsoever, I assumed it was the modem because the internet light and DSL lights kept going red and on and off at random times....

Umm when I turn on my computer and access the administrator account before seeing my desktop icons I see a blue screen and then my wallpaper appears... I dunno if that's normal....

My AdWare antivirus keeps telling me I cannot remove the viruses above, I've tried many things without any actual change in this annoying process... (of getting DCed and Re-Connecting)

(Are these problems related??)

Any help would be appreciated, and thank you in advance ^_^

DDS (Ver_09-03-16.01) - NTFSx86
Run by David Luna at 15:57:56.07 on Sun 03/29/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.397 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
FW: Norton AntiVirus *disabled*
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.e...

A:Win32.TrojanDownloader.Agent Win32.Worm.Autorun

Bump


I'm going nuts with these two and I don't know how to get rid of them. Windows XP running. Tried to understand other threads but not sure if it would apply to what I have here. A great deal of help needed!
 

A:virus IM-Worm.win32 and also Trojan-downloader.win32


Here is my HiJackThis log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:03 PM, on 2/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AV...

A:Win32/Heur - I-Worm/Nuwar - Win32/Virut

Hi,

I have bad news for you. I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html


I cannot get my computer to connect to network drives or printers. It can't even detect the other computers in my network. I have run McAfee, Malwarebytes, Adaware, and others. I have gone in and removed the xblgen.exe file and ran C-cleaner and I still can't connect to shared drives or printers in my network. Also, Kaspersky is still finding several Trojans when none of these other programs do. Here are the log files I have generated from Kaspersky, HiJackThis:

Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 24, 2009 16:35:03
Records in database: 1962148
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 90930
Threat name: 5
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 02:19:56

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\adsaddssgl.exe.vir Infected: Trojan.Win32.Agent2.ezc 1
C:\Qoobox\Quarantine\C\adsajfdsgl.exe.vir Infected: Trojan.Win32.Agent2.ezc 1
C:\Qoobox\Quarantine\C\adsasgl.exe.vir Infected: Trojan.Win32.Agent2.ezc ...

A:Net-Worm.Win32.Kolab.blm 1 & Trojan.Win32.Agent2.ezc 1

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


Athlon AMD pc Windows XP Service pack3

My F-Secure antivirus keeps warning me about malware, e.g. koobface, but can only deal with it by renaming it. Spybot and Malwarebytes have identified Win32.agent.pz, Win32.BHO.je, and virtumonde.dll (among others). I have tried turning off System Restore and have used Safe Mode but all to no avail as they keep returning.
I have downloaded Hijack this so could post a log if required.
Any help would be much appreciated. Thank you.
 


I'm pretty sure I was infected by a compromised USB key. I'm using a Dell LatitudeD830 running Windows XP. For security, I currently use Windows Defender, which has repeatedly turned up VirTool:Win32/VBInject.AQ, Worm:Win32/Hamweq!inf, Trojan Downloader:Java/OpenConnection.AK, and a bunch of Exploit:Java...

I keep getting a popup Network Connections window telling me that "You (or a program) have requested information from xxx.xxx.xxx Which connection do you want to use?" There is a box for a connections list, but the only one listed is NationalAccess-BroadbandAccess. I have the option to check a box "Don't ask me again until the next time I log on" (which I do not check) and the buttons "Settings," "Connect..." and "Cancel." For lack of a better idea, I click "Cancel."

If there's any relevant information I neglected to include in this post, please let me know and I'll get it to you ASAP. Also, I have not backed up my files because I'm afraid of transferring the infection to my removable hard drive. How would I go about backing up safely?

Any insights you could possibly offer would be greatly appreciated. Thanks in advance.

Here is a copy of my HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:52 AM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System...

A:HELP!! VirTool:Win32/VBInject.AQ and Worm:Win32/Hamweq!inf


please help me....idk what to do....i've removed a lot of other things that were on here but my nod32 didn't detect the following infections.....what can i do next to get rid of all this stuff? and i also have a file called fdccffbffbd.dll that keeps showing up...and i can't delete it....thank you..........and happy thanksgiving

*KASPERSKY ONLINE SCANNER 7 REPORT*
Wednesday, November 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3(build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 26, 2008 09:59:47
Records in database: 1418243

*Scan settings*
Scan using the following database extended
Scan archives yes
Scan mail databases yes

*Scan area* My Computer
A:\
C:\
D:\

*Scan statistics*
Files scanned 101537
Threat name 5
Infected objects 14
Suspicious objects 0
Duration of the scan 03:13:31

*File name* *Threat name* *Threats count*
C:\RECYCLER\S-1-5-21-1951078608-3892172462-226310285-2436\service.exe Infected: Trojan.Win32.Inject.klc 1
C:\WINDOWS\E9799D51180EBCF428C0E71E5EC4E.exe Infected:Trojan.Win32.Qhost.kng 1
C:\WINDOWS\system32\217a4f513bda8c39391806b701df2f85.TMP Infected:Worm.Win32.AutoRun.sqi 1
C:\WINDOWS\system32\2efb3b0a17c581a7bec8fd94826f0358.TMP Infected:Worm.Win32.AutoRun.sqi 1
C:\WINDOWS\system32\76690fc87fd1453bc483de47389e1230.TMP Infected:Worm.Win32.AutoRun.sqi 1
C:\WINDOWS\system32\979e69aafdc832e6...

A:Worm.Win32.AutoRun.sqi, Trojan.Win32.Inject.klc, Trojan.Win32.Monder.zfd

bump


Hi!

I've run into a handful of viruses including y.exy, emold, acrord32, and zbot. It looks like they were mostly blocked by Norton, except that the y.exy file apparently made “modifications” to my computer. How can I be sure that no serious changes were made? I’ve read on some sites that a system reinstall may be necessary to be sure – is that the case? I am not seeing any pop-ups or slowdowns.

Thanks for your help!

The first indication of trouble came from Norton Internet Security – here are the logs (note info is by category and in reverse chrono order):

11/3/2009 9:34 PM,Info,"An instance of \"<path>C:\WINDOWS\System32\svchost.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall

11/3/2009 9:34 PM,Info,"An instance of \"<path>C:\Documents and Settings\KD\Local Settings\Temp\y.exy</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall

11/3/2009 9:33 PM,Info,"An instance of \"<path>C:\Program Files\Internet Explorer\iexplore.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall

11/3/2009 9:32 PM,Info,"An instance of \"<path>C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe</path>\" is preparing to access the Internet.",Detected,No Action Required,Firewall

11/3/2009 9:31 PM,Info,"An instance of \"<path>C:\Program F...

A:y.exy, emold, and Zbot, and others!


Hello, I would love it if someone could help with this problem...

When I login to windows, a message pops up telling me I have worm.win32.netsky
And once windows loads, windows defender tells me I have win32/fakeinit

I have tried mcafee but to no avail. It does not remove the problem(s).
I tried running DDS.scr but the logs never popped up (I waited a long time, too!)
But here are the RootRepeal logs as requested. I await your instructions!

A:Worm.win32.netsky and win32/fakeinit

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...
