
Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Q: Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Mod Edit: Log split away from topic here http://www.bleepingcomputer.com/forums/t/144809/infected-by-something-wicked/

Deckard system scanner report is below. I was not able to load Kaspersky because my IE is too corrupted and I can't get enough space on my hard disk in time before whatever is on my computer partitions off the space. I have cleared about 1 Gig of new space on my computer but the computer still shows that it has less than 100 MB of space on it.


A: Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Hello 425Fool,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea


I have been having repeated/reoccurring infections of Adware. Vundo Variant, Adware.Vundo Variant / Small-A, Adware. eZula, Trojan. Downloader-NewJuan/VM, Trojan. Downloader-Gen/DDC., and Adware. Tracking Cookie. The infection originally started when trying to fix my son's computer which was infected mainly with a Trojan Vundo (can't remember exact name). I download fixes (programs) to my laptop computer and then transferred them to his computer since it was offline. I apparently downloaded/ran something that immediately infected my computer. Trojan Vundo was immediately picked up by McAfee, and supposedly removed.

My laptop is protected by McAfee Security Center (always updated and running). I am using Windows XP (always updated). I use IE (always updated/latest version).

I have used Ad-Aware 2007, Spybot S&D, SUPERAntiSpyware, and others I can't remember in attempts to remove. I have also used other Anti-virus programs, Avast!, etc. since I was told that different programs pick up different infections. I have also followed many links and suggestions from this and other sites to remove the problems. I have also used SmitFraudFix and RogueFix, which have picked up problems, which were then removed. I have run all the programs in both normal and safe mode.

When I run the various programs, it will pick up the infections and I go through the process of removing them. The computer seems to work great w/o any problems until I get on the internet and then the popups, redire...

A: Adware. Vundo Variant, Vundo Variant / Small-a, Ezula; Trojan. Downloader-newjuan/vm, Trojan. Downloader-gen/ddc, Adware. Track...

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Using My Computer, navigate to where you have HijackThis saved.
Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.

Thanks,
Charles


Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A: Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...

RELEVANCY SCORE 136.8

I have been trying to rid my home computer of these virus/trojans for over a week now. I have run the following scans - Norton 2007, McAfee 2007, Windows Defender, Windows Live One Care, Spybot, Adaware, SUPERAntiSpyware, Bit Defender, FixVundo and VundoFix, all in normal and safe mode. As recommended by Norton, I have turned the system restore off. All of these scans have turned up something, which the program has deleted. However, Norton, Windows Live One Care, Windows Defender, and SUPERAntiSpyware continue to provide notices of the infections, and despite being deleted they reappear!
So I am asking for anyone's help on removing these nuisances. I performed a Hijackthis scan and the results are below. I hope someone can look this over and suggest further steps.
Thank you in advance.


A:Trojan.Downloader, Adware.Vundo Variant, Trojan.Vundo and Win32/Fotomoto Infections

Anyone have any suggestions? I'm thinking of just backing up my data and reformatting my hard drive but this is my last resort obviously. Please help...
 

RELEVANCY SCORE 134

I've spent the last week or so trying to get all these (Trojan.Vundo, Trojan.Nebular, Adware.Purityscan, Infostealer.Ldpinch, Downloader) off my computer. I should tell you that I know next to nothing when it comes to computers and I'm terrible in a crisis situation, but honestly I think I've tried just about everything from the Symantec website. So today I decided to try it here at BleepingComputer.com. So I followed everything in the Preparation Guide for the site. Rebooted...and Symantec Auto-protect popped up to warn about Trojan.Vundo, Trojan.Nebular and Downloader. I ran VundoFix.exe. Deleted all that was to be deleted. Restarted. Ran VundoFix.exe until it said it was clean. Then the Auto-Protect pops up to say that it detected Downloader. I turned off my Wireless Internet Connection. (By the way, the Firewall baffles me. I don't know what to say no to and what to say yes to). Ran Spybot, Ad-Aware and deleted everything they found. Ran Stinger until it was clean (twice). Turned back on my Wireless Connection to log on to this website. Opened Firefox. MSN and Yahoo messenger opens (See, I'm about 70% sure that it's IE that's the catalyst. If I just stick to Firefox everything is fine for a good while) and the Auto-Protect starts popping up to warn about Downloader, every five seconds (far more than it has been doing for the past week, but it's just that one and not the 'trojans'). I restarted the comp again (everything calm now), did the HijackThis and here I am! If I m...

A:Infected With: Trojan.vundo, Trojan.nebular, Adware.purityscan, Infostealer.ldpinch, Downloader

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, AngelSpirit. My name is Richie and I'll be helping you to fix your problems.

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.

RELEVANCY SCORE 126

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

RELEVANCY SCORE 125.6

I have done all the preparatory actions. AVG Antispyware tells me I am infected with Trojan.Small.fb but cannot remove it. Spy Doctor scan shows Trojan.Downloader.Ruins and Trojan.DNS Changer. Here is my HijackThis log. Can anyone help please?

A:Infected With Trojan.small.fb, Trojan.downloader.ruins, Trojan.dns Changer

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout
http://downloads.subratam.org/Fixwareout.exe
or
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

Fix these with HJT: mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{05F2BA51-171A-4B1D-AE5F-B8515E38E241}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8269A184-3C5F-41F7-A7E9-581E273A2475}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0DCAED8-AC99-4371-811A-DDA8BF12F7D8}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6801D5-625E-482E-AA33-1FD2EB1B2544}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{05...

RELEVANCY SCORE 125.6

This is a business computer and it is very important that it runs properly, been having issues with it for a week now. I have tried running several anti-virus programs to no avail. Currently using Panda, but used some other free software like AVG etc. Hoping you can help me, here is the hijackthis log

A:Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Hi,

"This is a business computer and it is very important that it runs properly"

Not sure if you're aware how severely infected this computer is.

Since you are posting a log from a Company owned computer... There are a few things that need attention first before we proceed with this..

* You must inform your Supervisor immediately.
This because of:
Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.
If sensitive material is compromised by an infection, your company could be held liable.

* Your Company must give permission for us to give you assistance.
This because of:
We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.
There may be sensitive material on your computer that your company would not want revealed in an open forum.

Also, since this is a computer used at work - the first thing I always advise is to back up important files you don't want to lose, this since malware causes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I ca...

RELEVANCY SCORE 120.4

Hmm my computer's in pretty bad shape thanks to these damn trojans

Norton started detecting these trojans 3 days ago, and could only block them.

Everytime I try to access IE, there will be a bunch of popups and advertisements.

I tried scanning with Norton Antivirus + Ad-Aware 2007, but nothing could be found.

After that, I went to Cnet downloads, and got myself Spyware Terminator + A-squared 3, both which managed to scan and detect some of the threats. It cleared some of the files and registry keys, but still couldn't kill off the files such as wvuroli.dll that are used by core processes, such as explorer.exe, etc.

Currently my IE doesn't have any popups, but I'm worried that these trojans will return, and I want them completely out of my system

I've browsed tech support guy forums a bit, and found a thread thats similar to my problem:
http://forums.techguy.org/malware-removal-hijackthis-logs/554392-solved-trojan-vundo.html

Following the instructions from that thread, I downloaded VundoFix 6.77 and ran it about thrice. The first time cleared off a bunch of files, the second time detected none, and then the third scan detected new files again !!!!

Below are the logs for VundoFix and HijackThis, please help !!! thanks


A:Solved: Help with Trojan.Vundo, Trojan.Metajuan, Trojan.Downloader

RELEVANCY SCORE 119.2

Here is my HiJack This log..I need help!

A:Trojan Downloader.purity.y Trojan, Downloader Generic 7.zkr And Someother Variations

Hello Anne Arp and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

RELEVANCY SCORE 117.2

Hello there, I've just registered here. As my title states, I have a huge problem with Trojan Vundo; it is playing havoc when I'm using Internet Explorer and generally slowing down my computer usage. I've scanned with xsoftspy SE as well as Malewarebot and deleted what was there, but it keeps coming back. Any suggestions?
 

RELEVANCY SCORE 117.2

I'm late posting. I was learning how to use this web. Thanks for help.
I don't know how I got this infection, just suddenly my free version of AVG antivirus started showing up messages finding trojans (or something similar). I ran my free SUPERAntiSpyware and...it found a lot of ... what? Adware.Vundo Variant, Trojan.Downloader-UniBBB, Trojan.WinFixer, and other bad stuff. The program deleted and quarantined those items, but when I connect to the internet a RUN.DLL error message appears and the bad stuff comes back to my system. AVG detects the downloaded trojans and heals them, but it doesn't stop the process. I have tried to clean my system in safe mode but it is useless, the matter repeats again and again. I count with:
Avg free edition
avg antispyware free
Superantispyware
hi jack this
ad-aware free
ccleaner
and others. I have used all of them without success.
Now, i don't know what to do. My knowledge on this issue is really nothing, You are my last and real resource. If you can help me I will thank you for sharing your knowledge with me. This is my hijackthis last log:


A:Trojan.downloader ? Adware.vundo Variant?

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

RELEVANCY SCORE 116.8


A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...

RELEVANCY SCORE 116.4

I have tried to use SUPERAntiSpyware to remove this and each time I remove it and then reboot windows will not start...So I have to start windows from its last good configuration. My norton has also picked it up and tried to fix it doesn't seem to work either. I tried Vundofix as well..it found it and then fixed but still it's there. I think there is also a lot more going on besides that. My computer is running very slow..the background has changed to a antispyware ad and I'm getting tons of popups as well as a rund.dll error message and my homepage has been changed. Thanks for reading hope you can help. Hijackthis log:

A:Adware.vundo, Adware.vundo-variant/small A, Vundo Trojan..need Help

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Using My Computer, navigate to where you have HijackThis saved. Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter. Use fluffybunny.exe from now on.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt, rapport.txt and a new HijackThis log in your next reply.

RELEVANCY SCORE 116.4

Hello,

I did some regular scans on my mother's computer and I found some viruses like Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo. In addition to these viruses my mother had her startup set to SELECTIVE startup!!!! I do not know why and it shouldn't have been that way. So I put it back to normal, and startup is ridiculous, and I was just wondering what can we do about getting rid of these viruses and cleaning up random junk from starting on startup.

Thank you in advance, you guys are awesome,

Steve

p.s. should I post a hijackthis log, if so how should I? Save to desktop and scan only?

A:Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

First, please do not post your HijackThis log here as they are NOT permitted in this area of the site.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here: Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is ...

RELEVANCY SCORE 116

I'm posting my first hijack this log. Thank you for the help.

A:Trojan.downloader-newjuan/vm Adware.vundo Variant

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

RELEVANCY SCORE 114.8

Hello, lately I have received messages about an Adware-Zeno on my computer and some trojans called Downloader-BEC and BackDoor-CVT. They have caused my computer to run much slower and freeze from time to time. I ran ComboFix and here is the log that it produced:


A:Adware Zeno and Trojan

RELEVANCY SCORE 114.8

Over the last week, I have been getting pop-up after pop-up of shady anti-virus/anti-malware ads. At first, I thought they were just random bugs trying to get into my computer, so I would run Malwarebytes and SUPERAntiSpyware to check out what was trying to take over my computer. Imagine my surprise when I found that I had quite a few viruses and bugs roaming around on my computer. I successfully (or so I thought) wiped out some of the things with Malwarebytes, but when I would go to quarantine the bugs on my SUPERAntiSpyware, it would get a few seconds into wiping out the viruses, only to restart my computer completely.

Here's what came up on the SUPERAntiSpyware log, I wrote them down so that I could remember them:
Adware.Tracking Cookie
Adware.Vundo Variant
Rogue.Component/Trace
Trogan.Agent/Gen-MST123
Trojan.Downloader-NewJuan/VM

My apologies if I wrote the names down incorrectly. Anywho, every time the SUPERAntiSpyware gets close to the NewJuan component, it completely shuts down. It does this when I am scanning in BOTH normal and safe modes.

I have been trying to figure out what is wrong with my computer, but have not had any luck getting rid of these Vundo and NewJuan trojans. Every time something seems to disappear, it returns once again. So, could you please help me? I would hate to see my computer out of commission. =[
DDS (Ver_09-03-16.01) - NTFSx86
Run by Melinda at 23:11:24.71 on Fri 03/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Editi...

A:Trojan.Downloader-NewJuan/VM, Adware.Vundo Variant Infection! Please help!

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report

Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

RELEVANCY SCORE 114.8

Hi, this is my first post in the Hijackthis section of the website. I have performed all of the suggested programs: Adware Se, done the Bitdefender on line scan with the Panda antivirus as well. Followed by the Mcafee Avert Stinger, Super antispy, ATF cleaner, Vundo fix, Spybot S&D. Still getting taken to different sites when searching with Google, or yahoo or ask.com. The main address as it appears on the IE address box is usually: Search-daily.com or some ip address followed by /click.php?c= plus a bunch of numbers that resemble pre-algebra. fun...So here is my Hijackthis log as it was just finished, in hope that this will be resolved once and for all. I thank all the helpers in advance.

A:Infected With Adware.vundo-variant/b & Trojan.downloader-gen/fotomoto

Welcome to the BleepingComputer HijackThis Logs and Analysis forum causio08

My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php...


As mentioned in the title my computer has recently been dominated by various spyware. I spent the better part of two days actively reading tech forums and have failed so far, so I figured it's time to see if I can get someone to hold my hand through this.

Essentially I've tried AVG 7.5, Trendmicro, and Ad-aware as well as Symantec's fix for Vundo and Virtumonde. Seemingly everything is deleted and cleared until the computer is rebooted and then once again everything has been brought back to life.

I managed to "I think" remove some of the issues; however, Trojan.Small and Trojan.Dialer.QC remain for sure. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:53:58 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Mic...

A:Solved: Trojan.Small, Trojan.Dialer.qc and Vundo / virtumonde spyware. + Hijackthis Log


Windows keep popping up, all my security programs can not run, I cannot install windows defender, and the computer is much slower (and constant stating that spyware has been detected). Below, I have pasted the log and info text file generated from the RSIT program. Thank you for all your help!!!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Narda at 2008-11-29 16:46:41
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (44%) free of 14 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:27 PM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files ...

A:Infected with Trojan.Win32/Trojan-Downloader/not-a-virus.AdWare

Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.

Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open o...


WOW! I need help badly! I can't get rid of these nasties!!
I tried to post this a couple of minutes ago, but I'm a senior and not too familiar with forums. If this was just posted, please forgive me for the duplication.

ComboScan v20070221.16 run by Jim on 2007-02-23 at 07:57:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jim.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:57:42 AM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
...

A:Can't eliminate nasties! Trojan'VUNDO';Trojan'DOWNLOADER.ZLOB.FC;Worm'W32.SPYBOT';++

Hello scroller and welcome to TSF,

You posted this just fine.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Let's go after the main, active infection first, then we'll take care of the rest in the next round.

Please download and save VundoFix to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to your forum thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


--------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool. Select opt...


I have run MBAM and removed most of the infection from Trojan.Vundo and Trojan.Downloader

I thought I had removed all of the infection but I am still seeing symptoms. When I query "oral surgery" from Google, I am directed to www.nichepass.com.

I also ran the EsetOnlineScanner and removed Cimag trojan.

Below is my ComboFix log and HJT log.

COMBOFIX Log:

ComboFix 09-01-13.04 - XXXX 2009-01-14 22:18:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.2047.1509 [GMT -5:00]
Running from: c:\documents and settings\XXXX\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.
2009-01-13 23:27 . 2009-01-14 00:56 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-12 01:13 . 2009-01-12 01:13 <DIR> d-------- c:\documents and settings\XXXX\Application Data\Malwarebytes
2009-01-12 01:13 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-12 01:12 . 2009-01-14 20:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 01:12 . 2009-01-12 01:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 01:12 . 2009-01-14 16:11 38,496 --a--...

A:Trojan.Vundo or Trojan.Downloader directs user to www.nichepass.com website

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mba...


My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes:

I have been infected with multiple trojans and malware, including:

Trojan.TDSS
Trojan.Vundo.H
Trojan.Virtumonde
Trojan.Vundo
Generic!artemis
Trojan.FakeAlert
Trojan.Seneka
Malware.Trace
Trojan.Agent
Spyware.OnlineGames
and most recently: generic!artemis

I have used multiple scanner programs: Malwarebytes Malware. Windows Defender, Spyware Doctor, Norton Corporate Anti-virus 10.0.0.359, and Lavasoft Adware 2007 AND 2008. I uninstalled Symantec Norton Anti-virus Corporate, and installed AVG, and ran it in safemode, and it had a ton of virus that it detected. I then removed AVG after it was done, and reinstalled Symantec Norton Corporate Anti-virus.

I also used Vundofix to rid myself of the Vundo.

I think I have finally gotten rid of vundo (I pray I did...really NASTY virus), and most of the other virii, but I just recently (for safety sake) scanned my pc using McAfee Stinger, and I have the generic!artemis virus. I have no idea the damage that has been done to my pc, but it is running terrible, and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan, as it hangs up.

When I was infected with the Vundo Virus, it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it, and they had me run FixVundo.exe, VundoFix.exe, and WinsockXPfix v1.01.exe

I have dow...

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

I don't mean to bump, but am I in the correct section to be posting this?


MY ORIGINAL POST IS IN THE WRONG SECTION> I APOLOGIZE!

My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes:

I have been infected with multiple trojans and malware, including:

Trojan.TDSS
Trojan.Vundo.H
Trojan.Virtumonde
Trojan.Vundo
Generic!artemis
Trojan.FakeAlert
Trojan.Seneka
Malware.Trace
Trojan.Agent
Spyware.OnlineGames
and most recently: generic!artemis

I have used multiple scanner programs: Malwarebytes Malware. Windows Defender, Spyware Doctor, Norton Corporate Anti-virus 10.0.0.359, and Lavasoft Adware 2007 AND 2008. I uninstalled Symantec Norton Anti-virus Corporate, and installed AVG, and ran it in safemode, and it had a ton of virus that it detected. I then removed AVG after it was done, and reinstalled Symantec Norton Corporate Anti-virus.

I also used Vundofix to rid myself of the Vundo.

I think I have finally gotten rid of vundo (I pray I did...really NASTY virus), and most of the other virii, but I just recently (for safety sake) scanned my pc using McAfee Stinger, and I have the generic!artemis virus. I have no idea the damage that has been done to my pc, but it is running terrible, and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan, as it hangs up.

When I was infected with the Vundo Virus, it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it, and they had me run Fix...

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

Actually it is in the correct forum for HJT logs. I will close this thread and leave the other one intact


Okay, for the past few days I've been having issues with these viruses. I have seen posts here before asking about how to get rid of the same things but since I have those 3 I don't know if there is a better way to do this.

I keep getting random pop ups. I tried downloading VundoFix but it keeps coming back of course. I ran Spybot Search & destroy and the same thing happens.

The Anti-Virus I'm using is Norton AntiVirus Corporate Edition Full version 7.60.926 if that's even necessary. It is up to date and the description it gives me for each one is..

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Downloader
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1\valera[1]
Location: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\07RJ2CT1
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wed Sep 19 23:37:08 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\Documents and Settings\starrs crap\Local Settings\Temporary Internet Files\Content.IE5\CHER4DUR\lkjh[1]
Location: Quarantine
Computer: STARRSCOMPUTER
User: starrs crap
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Wed Sep 19 23:37:10 2007

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\Documents and Settings\s...

A:Virus issues, Downloader, Trojan.Vundo, Trojan Horse

Oh god..okay I should probably mention that right now, my antivirus notification is at 89 notifications and counting the same message over

"Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\WINDOWS\system32\byxxutr.dll
Location: C:\WINDOWS\system32
Computer: STARRSCOMPUTER
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Thu Sep 20 00:15:34 2007"

By the time I'm done with this message it's up to 99 notifications total and still counting.
103 now

I'm trying to delete it but it says the file is busy and I'm trying to disable anti virus but I can't figure out how
 


I have had my anti-virus (Avast) continuously popup saying I have a trojan. I delete it and then run XoftSpy SE it also detects vundo and winfixer and downloader- New Juan/VM. I have also ran SuperAntiSpyware. It also tries to remove it all to find out it is still on there. I have also ran Stinger, it found nothing. I am running Windows XP. Also when I do this, there are 2 others who also have different user names on it, do I need to access each user and repeat the process for each user? Sorry not sure of these things. I have also experienced continuous popups wanting me to download spyware antiviruses, and to try and get rid of these are a real pain because they just keep popping up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:12 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C: ...

A:Infected With Trojan Winfixer,trojan Downloader-new Juan/vm, And Vundo

Hi,

* Download ComboFix from here. **Save it to your desktop**

In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

* Doubleclick combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


Picked up these bad boys when I was stupid and launched an .exe that I wasn't too sure of in the first place. Anyway, nothing I have is getting rid of them. The following is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:19 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windo...

A:Solved: trojan.vundo/trojan horse/downloader virus help.


Hi, I'm a newbie and this is my first post. Thanks ahead of time for existing and for helping me!

My computer is an HP, AMD Athlon 64x2, 1.0GB RAM, WIN XPsp2 desktop with lots of virus/Trojan/adware/malware

Not sure where they all came from but the surfing the web for fantasy football stuff yesterday morning and landing on www.athlonsports.[com] or www.grogansports.[com] was the final virus that started me crashing and generating the wonderful "Error Message: Stop c000021a {Fatal System Error} The Session Manager Initialization System Process..."

After failing to reboot multiple times and not being able to use my XP recovery disks, the computer loaded up somehow in Normal Mode. I disconnected from the Internet and I ran Avast! Antivirus before it crashed again and it found the following virus/etc.

Found by Avast! Antivirus

JS:Redirector-B[Trj] in a temporary internet file
WMA:Wimad[Drp] in a temporary internet file
"Win32:Monder-GB[Trj]" in "c:windows\system32\opnmlccs.dll" file
"Win32:Trojan-gen{Other}" in "c:\Windows\system32\prunnet.exe" file
"Win32:adware-gen[Adw]" in a program that came with computer that I've never used: C:\program files\online services\peoplepc\isp5900\branding\ppal3ppc.exe\$instdir\ppcttoolbar.dll

I deleted/quarantined those viruses and tried to do a system restore to a couple days before and it wouldn't let me do it although I had just saved a system restore on 12/31. And t...

A:Win32:Monder-GB[Trj], Win32:Trojan-gen{Other}, Adware.PopCap, Trojan.Vundo, Trojan.Agent and more

Seneka Rootkit

Please read this post by Quietman7 http://www.bleepingcomputer.com/forums/ind...t&p=1074915 and tell us how you want to proceed.

You might want to proceed with a partial cleanup so you can finish backing up those pictures


I am infected with Trojan-Downloader.murlo and Trojan.Generic. I use PC Tools Spyware Dr. with Antivirus and I have run ComboFix and Malwarebytes. I have tried deleting all but the latest restore point and running all antivirus and anti-malware programs in safe mode. Eventually my scans were clean, but the trojans keep coming back. How do I eliminate them for good?

A:Trojan-Downloader.murlo & Trojan.Generic

If you are dealing with a malware infection, please be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary. As such, ComboFix should not be used without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. Since you already ran Combofix, its log should be thoroughly reviewed by experts who have been trained to decipher them before proceeding. ComboFix should have saved that log to the root directory, usually C:\ComboFix.txt. Please follow the instructions in the "Preparation Guide For Requesting Help" starting at Step 6. When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the Malware Response Team Experts.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.


For the last 3 days my computer has been acting up severely. I have read numerous posts from people with this same issue. Since each set of instructions is geared for a specific computer I will post mine for help. I am not sure how much information is included in the HJT report I will give some specifics.
I am using a Dell Inspiron E1405 lap top with Windows XP Media Center Edition version 2002 Service Pack 3. I normally use Internet Explorer 7, but installed Firefox because I thought it was an IE problem in the beginning. I use McAfee Security Suite and it has found the following:
Detection Type: Trojan
Detection Names: Generic.dx!w, Generic.dx!w
Status: Quarantined (Though I have attempted to remove it many times)
File Name: C:\DOCUMENTS AND SETTINGS\MANUEL MEDEIROS\XPSHIELDSETUP.EXE
This was something that I believe the Vundo Trojan asked me to install, even though I hit no it still installed a phoney virus removal program. Also found was:
Detection Type: Trojan
Detection Name: Vundo!grb
Status: Quarantined (Again I've removed it several times with McAfee)
File Name: C:\WINDOWS\system32\ovurorep.ini

I have done research on both of these and tried several removal methods, none of which have worked. I am getting many pop ups from IE even when I am on Firefox, very slow speed (some sites are a little better than others), and at times I cannot access my email. It says that they are doing maintenance, however other friends with the same ISP have no trouble. I am also get...

A:Generic.dx!w Trojan and Vundo!grb Trojan Removal Help Needed Please.

Bumping
 


A couple days ago, I got infected by a trojan.vundo (I think). Now all these pop ups and misleading applications appear randomly, even if I have my pop up blocker on and the windows firewall. My symantec norton anti virus blocked and managed to get rid of it but in the end, the virus, bug, or whatever it is keeps on coming back. And after I scanned my computer, the pop ups still appear (not sure if they are even pop ups since the "advertisement" opens up on another internet explorer browser). I'm beginning to have trouble loading websites and such, even though my internet is working fine; I'm having trouble posting here and loading the page too =\

Any help would be appreciated. Thanks.

Deckard's System Scanner v20071014.68
Run by admin on 2008-04-24 16:58:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
61: 2008-04-24 23:59:01 UTC - RP351 - Deckard's System Scanner Restore Point
60: 2008-04-24 04:43:44 UTC - RP350 - Last known good configuration
59: 2008-04-24 04:43:38 UTC - RP349 - Removed Adobe Photoshop CS2
58: 2008-04-24 04:43:38 UTC - RP348 - Last known good configuration
57: 2008-04-24 04:43:38 UTC - RP347 - Last known good configuration

-- First Restore Point --
1: 2008-04-24 04:43:35 UTC - RP291 - System Checkpoint

Backed up registry...

A:Infected By Downloader/trojan.metajuan/trojan.vundo

Hi,

Please uninstall MyWebSearch via software > add & remove programs. Reboot afterwards.

After reboot,

* Please download Malwarebytes' Anti-Malware from Here or Here
* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


I'm running windows Vista Home Premium 32bit SP2 on a Toshiba Satellite L305D laptop. I'm connected to the internet via VZaccess Manager's version for a Verizon MIFI2200 wireless wifi device on wireless 3G connection. Using built in Atheros AR5007EG Wireless Network Adapter. I have AVAST free version, MalwareBytes AntiMalware and I noticed a McAfee virus scanner was already installed.

I do not have the ability to take the computer back to factory settings because my family member seem to have misplaced the discs. I am trying to get a family members computer running correctly. I have removed many programs/toolbars for the web browsers that were bulking up the view and not needed.

Then I went on to get IRC working. I'm getting a 10060 error when trying to connect to any IRC server using multiple programs. I've tried to reset TCP/IP, Windows Socket, and Windows Firewall. I've also tried to connect to IRC with firewall completely turned off.

I used these commands while in "elevation." I've tried them in different order with and without rebooting in between and many ipconfig reset/renews.

netsh int ip reset reset.txt
netsh winsock reset
netsh advfirewall reset

After all efforts left me with the same problem I decided to download AVAST free version which came up clean in full scan.

I then rebooted to safe-mode with networking and downloaded MalwareBytes AntiMalware which produced the log below. Using google and the names of the infections...

A:IRC not working Vista32, Trojan.BHO,Trojan.Vundo, Adware.MyWebSearch, Worm.KoobFace,

Hello, ProfB

From the Blue text above this forum, good choice. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

McAfee virus scanner ?? is this an antivirus or something like HouseCall. If the first McAfee needs to be uninstalled.

Let's run these next and see if there is more.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

* Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
* If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
* Click the Start Scan button.
* Do not use the computer during the scan
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
* Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
* A log file named TDSSKiller_version_date_time_log.txt (i.e. TD...

Read other 11 answers
RELEVANCY SCORE 112

Hello,

I have tried many different ways to remove the infections present on my computer.
I will provide a brief history:

I use firefox (latest version) and began receiving popups constantly. Websites such as facebook or google simply wouldn't load (the page would remain on "contacting www.google.ca ..." and never load anything). Closing firefox completely and restarting it resolved the problem for a few moments, but the popups and freezing would continue.

I tried several programs and methods. MBAM identifies many risks (quick and complete scans performed) and removes most at the time of the scan, with the rest requiring a restart, which is always performed. On restart, I receive a rundll error stating that the dll name (i.e. defarewo.dll or zapezade.dll) cannot be located.

I downloaded AVG and allowed it to scan as well. While active in my task bar, upon opening firefox, one or several trojans are identified and I allow AVG to "heal", "remove" or "delete" them (there are different options depending on what is identified). Regardless, once in firefox the popups continue.

I have also attempted several protocols suggested on this website. I have started the computer in safemode with the program that suspends explorer and winlogon (the protocol states to suspend rundll32 as well, but that file is not listed on the screen). I then ran vundofix, which failed to locate it on the computer. Still in safemode I ran MBAM and several thin... Read more

A:Trojan.Vundo.H, Trojan.Agent, Rogue.Adware Alert (according to MBAM)

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT
Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo... Read more

Read other 2 answers
RELEVANCY SCORE 111.6

Internet Explorer was popping up windows, 3 at a time, regardless if I was on the Internet. These popups are continuous, making it almost impossible to do anything. I downloaded and installed Malwarebytes, performed the Quick Scan, and 18 infections were identified. They were quarantined and I deleted them. I then performed a Full Scan and it was clean. However, IE is still launching new windows as quickly as it closes them and placing them at the forefront of everything I do.

I was not able to get a Gmer log as these popup windows interrupt its process. I tried at least 5 times. Following is my DDS log. I am also including the Malwarebytes log in case that might help as well. Please note that I replaced the user name with [name] in the logs.

Many thanks!

EDIT: If it helps to know this, when I had Task Manager up to kill IE each time it launched its trio of windows while Malwarebytes performed its scan, every time the URL it launched with was www.webcrawler.com, and then it redirected to another site. It seemed to be referring to a list of sites as some were repeated.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by [name] at 17:51:16 on 2011-08-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.513 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.... Read more

A:IE Popups Still Highjacking My Computer, After Removing Trojan.BHO, Trojan.FakeAlert, Trojan.Hiloti, Adware.Agent, Adware.DeepD...

Hello Alda B. Woods and welcome to BC.

Sorry about the delay, do you still need help?

Read other 8 answers
RELEVANCY SCORE 111.2

Edited to add information from another topic that will be shortly deleted. ~ OB

I had a quick question before I start backing up all my personal/doc/data/photo files. I have an external HD for backup, connected by USB. I haven't turned it on or backed anything up for a couple months (I know, lazy), so hopefully it hasn't had a chance to have any infected files on it yet. If I turn it on while it's still connected to infected computer what is chance the virus/trojan will transfer to external hard drive?

And along the same concept, if I start copying over photos and other personal files to the external hard drive how do I know I'm not copying over the virus/trojan with it?

End of added information. ~ OB

My computer is an HP, AMD Athlon 64x2, 1.0GB RAM, WIN XPsp2 desktop that was infected with lots of virus/Trojan/adware/malware. It's mainly for home personal use (our only computer) but I also telecompute for work sometimes. I haven't been able to backup all our personal files, so I'm trying to avoid rebuilding the whole machine if possible.

I've already run, cleaned infected files and run again and received clean slate now from Avast!, MBAM (quickscan) and SuperAntiSpyWare (complete scan).

Here's my original post in the "Am I infected forum?"
http://www.bleepingcomputer.com/forums/t/192399/win32monder-gbtrj-win32trojan-genother-adwarepopcap-trojanvundo-trojanagent-and-more/

The computer seems stable now. I can load up the computer without a problem. But after reading this forum and the ... Read more

A:Seneka Rootkit, Monder-GB, Trojan.Vundo, Adware.PopCap, Trojan.Agent, Malware.Trace

Hello, Lex H to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).

Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

We need to scan for Rootkits with GMER
Please download GMER from one of the following mirrors:
This is the Primary mirror
This is a Secondary mirror
This is a Secondary mirror
Close any and all open programs, as this process may crash your computer.
Unzip the downloaded file to your desktop.
Double click on your desktop.
Allow the gmer.sys driver to load if asked.
You may see this window. If you do, click No.
Click on and wait for the scan to finish.
If you see a rootkit warning window, click OK.
Push and save the logfile to your desktop.
Copy and Paste the contents of that file in your next post.
In your next reply, please include the follow... Read more

Read other 13 answers
RELEVANCY SCORE 111.2

I have Norton Antivirus, when I do a complete scan in safe mode (restore disabled) it finds no virus and no threats. As soon as I restart in normal mode it finds the 3 viruses mentioned above. Now I'm getting web pages pop up directing me to new anti virus web sites. I also get a fake look-alike Microsoft warning in my task bar near the clock (lower left of screen) saying I need to scan my computer for viruses. Then it tries to sell me software to remove viruses. Thank you for anything you can do. This is very frustrating.

Dan

Logfile of HijackThis v1.99.1
Scan saved at 7:21:59 AM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CO... Read more

A:Infostealer, Trojan.vundo, Trojan.busky, Adware Purityscan

Welcome dan9125

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary. If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

******************************

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

******************************

Then go to C:\HJT\Hijackthis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply, along with the Smitfraudfix report.

Read other 28 answers
RELEVANCY SCORE 111.2

Hello everyone!

MY COMPUTER:
Windows SP2 fully updated
HP Pavilion a1330n
AMD athlon 64 3800+
addons: ATi Radeon x1600Pro Creative Soundblaster SB X-Fi

MY PROBLEM: I have been infected with Trojan.Vundo, Adware.Ezula, and Trojan.Metajuan sometime in the last two weeks. I am not sure how this happened and there are other people here in my house who use this computer so I don't know the exact date of infection. For starters here is an overview of the symptoms: whenever I open up IE an additional unwanted window appears with whatever advertising garbage, sometimes when I haven't opened a new window an unwanted popup will appear, and other times when I am working in an IE window something "deselects" it and tries to popup a new unwanted window (for instance I will be writing something online and my keystrokes will stop appearing on the screen because something selects another window). I am only relating all of this because of the chance that I have some other trojan etc. than what I stated above. Another thing to note is that my system processes have risen from before the infection to after. Also in my startup manager utility list in my TuneUp Utilities 2007 has doubled for some reason I'm not sure why.

WHAT I HAVE TRIED: I have turned off my System Restore. I have both Norton Internet Security and Norton AntiBot, I have scanned multiple times with NIS using the updated definitions. The strange thing is that Norton is detecting and blocking these infections but not eradica... Read more

A:Infected With Trojan.vundo, Adware.ezula And Trojan.metajuan

Hi,
Start first with this free tool:
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt
.................

Next, run also this free tool and post the log it makes as well please.
Download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Read other 16 answers
RELEVANCY SCORE 111.2

Background of the PC:

the system was bought about 4 years ago and my sister used to download files from kazaa with it, but then they said it crashed, and it's never been used until this summer when I did system recovery to it.

The Problems:

-As soon as it was connected to the internet, malwares attacked (especially the online security guide and live safety center), but it doesn't do that anymore now. I tried following suggestions of other sites on how to clean up the pc of these nasties but I think it just got worse...

-The installed Norton Antivirus keeps picking up Trojan.Vundo, Adware.Ezula, and Downloader.MisleadApp via Autoprotect at varying risk levels. When I do full system scans, the system is said to be 'secure' except for a tracking cookie it picks up.

-Internet browsing remarkably slowed down over the months. Random pages pop up while browsing. Start ups and shutdowns are also very slow.

-Before, as soon as the pc is connected to the internet, the desktop icons and taskbar just vanish, but recently, it seems as if it just refreshes

-Recently, a page would just pop up then a window would say 'Internet Redirection you are about to be redirected to a new internet site', or if I open 3 IE windows, one would freeze up, then if I close the page that's not responding, all of the IE windows close.

So, I did:

Step #1: none of the listed programs were found on the add/remove programs

Step #2: panda scan:

Incident ... Read more

A:constant popups, antivirus picks up trojan.vundo, adware.ezula, downloader.misleadApp

Hi astonishia01

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================


Download ComboFix


Alternate Link

and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

===============================================

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

===============================================

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "... Read more

Read other 1 answers
RELEVANCY SCORE 110.4

Hi, I need some help removing a Trojan Vundo and Trojan Generic that I cannot seem to find anywhere on my computer. I've been looking for a while now and cannot find them. My Trendmicro antivirus cannot find it either. If anyone could give me instructions on what I should do it would be greatly appreciated. I'm running Windows XP and have a Dell XPS 200.

The virus is causing a mass amount of pop-ups when I'm browsing the internet and making my computer run slower. It is also causing my computer to sometimes freeze up on me when a pop-up comes on the screen.
Thanks in advance,
Defect
Oh also the popup I get a lot is this winfixer or winantivirus. Don't know if that can help at all.
 

A:Solved: Trojan Vundo, and Trojan Generic

Read other 14 answers
RELEVANCY SCORE 110

Hi,

I did a Norton scan and it found these 3 but can't quarantine them or clean them. I've seen many people here do something with a Hijack this or something. This is my first time here so please help me get these off my system.

A:Trojan.vundo, Downloader And Trojan Hours Help

Do you have Norton scan full version?

Read other 23 answers
RELEVANCY SCORE 109.2

I've been infected for over a month and only seem to be going from bad to worse. I ran SuperAntiSpyware Free Edition and it listed a lot of trojans. I seem to have got rid of a lot of the trojans but two of them when I try to delete it off the results page I get the blue screen of death telling me a memory system error has occurred, and they are called adware gudmun resident and trojan downloader new juan vm, both have files and seem to have each affected parts of my memory because SUPERAntiSpyware Free Edition list a file name and memory processor under their name. Also after I deleted a few things off the results page I now get these two messages upon my desktop loading "RUNDLL Error loading C:\WINDOWS\system32\neburufo.dll the specified module can not be found" and "RUNDLL Error loading C:\WINDOWS\system32\lefizuvo.dll the specified module can not be found".

As for the actual problems on my computer. I keep getting pop ups, telling me that I'm infected and it needs to run antivirus 2009, antivirus 360 etc, it always lists a different 'spyware program' and it tells me to hit ok or cancel but if I hit either button it directs me to some website. It happens frequently so even if I just have one window open by the time I know it I have 7 extra windows open with nothing but a fake spyware message up with that warning. I bought Norton 360 Premier Edition from Fry's and installed it. I ran it once and it was working fine but af... Read more

A:Infected with trojan downloader new juan vm, adware gudmun resident, antivirus 2009 & 360, vundo variant, fakealert, pop ups

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..
Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Read other 63 answers
RELEVANCY SCORE 108.8

Hi, please help!!

My computer is infected with 2 types of trojan horses. Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG.

I updated all my antivirus and antispyware, booted to safe mode and managed to find and remove the trojan horses, but they come back after I boot to normal mode.

My antivirus and antispyware are AVG antivirus, AVG anti-spyware, Spybot, Ad-aware.

here I include my HijackThis logfile.
Logfile of HijackThis v1.99.1
Scan saved at 12:34:37 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C... Read more

A:Infected by Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG

I think my computer is getting worse now. Anybody can help?

Logfile of HijackThis v1.99.1
Scan saved at 2:48:45 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svcho... Read more

Read other 2 answers
RELEVANCY SCORE 107.2

Hi, other day used pc and the IE browser got infected, now it doesn't work, there are adverts all the time and can't search for anything without being redirected to other websites. I've tried using superantispyware but won't scan completely as it restarts the pc, tried avg, norton and a few others and nothing. Here are the logs as follows.

Deckard's System Scanner v20071014.68
Run by steve on 2008-07-17 19:05:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as steve.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05: VIRUS ALERT!, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:&#... Read more

A:Adware.vundo Variant/resident And Trojan.vundo-variant/small-gen

Hmm wondering if i posted this in the correct forum section

also if wondering why it say steve i am posting here on my clean comp, the dell is the infected one and belonged to my m8 called steve lol

Read other 11 answers
RELEVANCY SCORE 106.8

I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

Microsoft Security Essentials pops up during the scan with the following infection:
Trojan Downloader: Win32/Unruy.D C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here.

Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB

I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Phillips at 14:21:21.10 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]
AV: Microsoft Security Essentials *... Read more

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 19 answers
RELEVANCY SCORE 106.8

Noticed this morning that Microsoft Security Essentials real-time protection was turned off and that I could not get it to turn back on. Also could not get windows update to run. Went to Services and tried disabling and then enabling windows installer. Also tried uninstalling and reinstalling MSE, but still the same problem.

Next ran MBAM full scan and found the first Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader. Clicked remove selected and let it reboot. MBAM log created below. Ran MBAM (quick scan this time) again and found Trojan.Lameshield.124. About to hit "remove selected" and reboot. Will post log after reboot.

I have backup drives that I use (2.5" USB drives). Should I scan those as well (at same time)? Thank you for any help!!!

MBAM log attached. Ran DDS but didn't see any option to save the log. Will figure that out and post after reboot. EDIT: rebooted, and reran DDS. The program ran, but then shut down without allowing me to save a log. Any ideas to get more information about my issue?

I run Windows Vista 32-bit. Dell Inspiron E1505 (5 years old). I run MSE and windows firewall (firewall still active as far as I can tell). Removed other malware before reinstalling MSE and followed procedures on microsoft articles about reinstalling MSE.

A:MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

Hello there, iseeker
I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
Read the entire procedure
It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data (if possible) before moving on.

Read other 16 answers