
Trojan Horse BHO.BMB BHO.BLD in ..\system32\avifilep.dll

Q: Trojan Horse BHO.BMB BHO.BLD in ..\system32\avifilep.dll

I got a nasty virus last Saturday. AVG says it's avifilep.dll, a Trojan BHO.BMB. I have also gotten a warning for BHO.BLD.
These files get quarantined in AVG: ...\temp\sch16.dll ..\161.dll ..\163.dll ..\165.dll ..\166.dll ..\168.dll ..\169.dll

Every start up follows with a Windows warning that the files ..\system32\NvCpl.dll and \NvMcTray.dll cannot be located.

The files that accompanied the avifilep.dll were also cnbjmono.dll, cmbjmono.dll.bak, dsseca.dll, libssl32.dll, libeay32.dll, cdtool.dll, wsil32.dll


HIJACKTHIS LOG as follows
Logfile of HijackThis v1.99.1
Scan saved at 16:39:52, on 2007-10-10
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Grisoft\AVG7\avgamsvr.exe
C:\Program\Grisoft\AVG7\avgupsvc.exe
C:\Program\Grisoft\AVG7\avgemc.exe
C:\Program\WinRAR\WinRAR.exe
C:\DOCUME~1\Silent\LOKALA~1\Temp\Rar$EX00.609\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L?nkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23898304-25B7-4097-BE77-729CDC1918EC} - C:\WINDOWS\System32\avifilep.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C246A7E5-35D3-42C7-8060-3620738802CC} - c:\windows\system32\cnbjmono.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program\Save\Save.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe
O20 - Winlogon Notify: pbipvssw - C:\WINDOWS\SYSTEM32\cnbjmono.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

WHAT TO DO/ PLEASE HELP!!


A: Trojan Horse BHO.BMB BHO.BLD in ..\system32\avifilep.dll

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Hi... Before I go into more detail I wanted to let you know my issue was originally posted here asking for help with this problem and they after many attempts at removal recommended I come here. Here is the link: Trojan Horse Generic8.yaf (c:\windows\system32\compstu.dll), This will not go away no matter WHAT I do!!!

Here's a summary of where I started and where I am now:

I am utilizing AVG antivirus as my main AV. I also am currently running Spyware Terminator as well as occasionally running the AVG rootkit program. The problem is that AVG keeps locating a virus and lists the following:

OBJECT: C:\Windows\System32\compstu.dll
RESULT: Trojan horse Generic8.YAF
STATUS: Infected.

I downloaded MBAM and utilized it. This did clean out the "house" however, it did not see the compstu.dll and as a matter of fact I don't even recall having seen it scan the file as I observed the entire process. The file ALWAYS comes back. The AVG error that pops up is "Threat Detected! While opening file: C:\Windows\system32\compstu.dll Trojan horse Generic8.YAF. The file has also been identified as Trojan. Download-Gen/N_BHO by another of my programs.

Since my original post, SAS, ATF, and SDFix have been downloaded and utilized according to the instructions I had received from Chewy and others. Many of the logs would come up clean one time and then dirty the next with various registry entries, and of course the ever prese... Read more

A:Trojan Horse Generic8.yaf/ Trojan Downlad-gen/n_bho (c:\windows\system32\compstu.dll)

Hello Spunky3174 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).

The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the la... Read more


Hey guys,
I have a trojan horse, which has affected my computer. I have avast! anti-virus software which has deleted one, but now I have found out I have one in:
C:\Windows\System32
which is an important part, right?
Should I delete it!?
I'm so confused!!
PLEASE HELP ME!!
love love love
becky
 


I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't. (that is until you scanned with their program and it would take control of your computer at the worst of times.)

The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried. Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou... Read more

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 1
RAM: 3003 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 5 Mb
Hard Drives: C: Total - 226084 MB, Free - 157601 MB; D: Total - 12188 MB, Free - 2053 MB;
Motherboard: Hewlett-Packard, 3612
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

AVG alerted me of a Trojan Horse in the system32/services.exe
I was not able to remove or quarantine the virus. If you have any ideas please let me know.
Thanks

Here are logs:
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Jakr\AppData\Roaming\Spotify\spotify.exe
C:\Users\Jakr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Fi... Read more

A:system32/services.exe TROJAN HORSE


Hi,
I have Norton AntiVirus 2002 and it has detected a Trojan Horse virus in C:\WINDOWS\system32\req.dll, I have tried to delete the virus, but Norton will not delete it. I have also tried to delete the virus by going into Windows XP safe mode (while shutting off the system restore).

I have tried the Norton stuff but cannot get rid of the Norton warning that I have the Trojan req.dll

Basically I seem to have tried and searched everything!

Here is my log from HijackThis,

Any help is greatly appreciated. Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 5:22:00 p.m., on 08/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Microsoft Anti... Read more

A:Solved: Trojan horse in system32\req.dll


Good evening,

Have been running the computer now fine for about 2 years and now it seems like we have a trojan horse. It isn't a genuine original windows XP as far as I'm aware but I do have a registry key to make it think it is if this helps at all.

Basically the problems are as follows

AVG Antivirus brings up 2 popups every 5 minutes or so:
1: C:\WINDOWS\system32\clbcatexf.dll - Trojan Horse BHO.CVX
2: C:\WINDOWS\system32\dsoundl.dll - Virus identified obfustat.ABXY

I wonder if anyone would be kind enough to help me

Here is my hijackthislog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:39, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation&#... Read more

A:Infected With A Trojan Horse In System32

Hello chris_leech11 and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,
Johannes


Hello,
When I turn on my computer my system32 folder pops up and soon after my Norton AntiVirus detects a Trojan Horse: C:\WINDOWS\system32\rdriv.sys
It is unable to fix it and I followed their site but have been unsuccessful. I was wondering if me showing you this log would be able to help me resolve this. Thank You.

Logfile of HijackThis v1.99.1
Scan saved at 11:43:19 AM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AI... Read more

A:HJT log: Trojan Horse and System32 folder

Hi and Welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We recommend that you subscribe to this thread so you'll be notified as soon as we post your fix. To do this, please scroll up to the 1st post of this thread. Click Thread Tools and then Subscribe to this thread; on the next page, make sure "Instant notification by email" is selected, then click Add subscription.

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Please go to Windows Update website and download all the critical updates to help prevent further re-infection.

I suggest that you stop using Internet Explorer until we've fully disinfected your machine. Please download & use an alternative browser like Firefox.

Thanks.


Hi,

An hour ago AVG reported a threat:

Trojan horse Patched_c.LXT

So I ran a full AVG scan, which found only the one (same) threat:

Trojan horse Patched_c.LXT
C:\Windows\System32\services.exe
Result: Object is white-listed (critical/system file that should not be removed)

AVG does not want to get rid of it, so what should I do next?
Help would be very much appreciated!
-Sean

A:Trojan horse Patched_c.LXT in system32

Download TDSSkiller
Launch it.
Click on change parameters
-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


Hello,

About 30 hours ago AVG detected a threat called Trojan horse Patched_c.LXT
Location: C:\Windows\System32\services.exe

Two other infections keep appearing when I scan with AVG:
Found Luhe.Sirefef.A (Deleted)
Location: C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe (17956)

Found Luhe.Sirefef.A (Infected)
Location: C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe (17956):\memory_00540000

Apart from slowing down my computer as a whole (not too significant, but noticeable), many sites (google.com, imgur.com, photobucket.com) are not accessible by Google Chrome because Chrome claims the websites do not have a valid certificate.

I am running Windows 7, 64-bit.

I would really appreciate help in getting rid of this!

Thanks,
Sean

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Sean at 19:14:55 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1109 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\syst... Read more

A:Trojan horse Patched_c.LXT in system32

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
* Restart the computer.
* As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
* Use the arrow keys to select the Repair your computer menu item.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
* Insert the installation disc.
* Restart your computer.
* If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
* Click Repair your computer.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

* Select Command Prompt
* In the command window type in notepad and press Enter.
* The notepad opens. Under File menu select Open.
* Select "Computer" and find your flash drive letter and close the notepad.
* In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more


So my antivir software keeps showing me this warning that says
"C:\WINDOWS\SYSTEM32\XOD.DLL

Is the Trojan horse TR/Agent.CS.4"

and then nothing works, I can't delete, wipe, move it, nothing, so I downloaded hijack this and ran a scan, here is the log

Logfile of HijackThis v1.99.1
Scan saved at 3:48:30 AM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Progr... Read more

A:Ive got a trojan horse in my system32 and dont know what to do...

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Download and install Ewido Security Suite
When installing, under "Additional Options", uncheck - Install background guard

Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\... Read more


I've got 2 problems which may or may not be related:

I have a trojan horse in WINDOWS\system32\cdsm32.dll, which Norton Antivirus is unable to repair.

And, I can no longer use my Epson 1250 scanner because I keep getting a message that TWAIN is not installed. But no matter how many times I re-install it from the CD, it still doesn't appear. Is the .dll file one that is necessary to get TWAIN to install and run?

So, how can I repair or replace the .dll file (or should it just be deleted?) and how can I get TWAIN back on my computer?

A:Trojan horse in system32\cdsm32.dll

Hi..
You could try to reinstall your scanner driver from your disk but if that fails to work....

Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.


Hello,
Today AVG said that it was infected with a trojan horse Patched_c.LTX and AVG was unable to remove it because it is a whitelisted destination. I found one of the earlier topics where you helped someone with the same problem but it is a bit hard to follow for my variation. Please help as I need that computer urgently.

Thanks,
SniprUK

I am running Windows 7 Home Premium 64 bit. It is an Intel based machine.

A:Trojan horse Patched_c.LXT in system32

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
* Restart the computer.
* As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
* Use the arrow keys to select the Repair your computer menu item.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
* Insert the installation disc.
* Restart your computer.
* If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
* Click Repair your computer.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

* Select Command Prompt
* In the command window type in notepad and press Enter.
* The notepad opens. Under File menu select Open.
* Select "Computer" and find your flash drive letter and close the notepad.
* In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more


Norton finds this trojan horse but it can't remove it. I can manually delete the file but it just automatically comes back. The VundoFix doesn't find any viruses. Here's my log, there's an 020 entry with this dat file in it.

Logfile of HijackThis v1.99.1
Scan saved at 11:10:15 AM, on 10/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\internet explorer\iexplore.exe
C:\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fantasysports.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVer... Read more

A:C:Windows/System32/Sulimo.dat Trojan Horse


The AVG detected Trojan Generic on my computer.

After moving it to the valet, the C:/winnt/System 32 was damaged and I can't open the Explorer or use the internet in any other way.

PLEASE, your suggestions for help

Riki
 


Hello, thank you for taking the time to read my issue.
 
On scanning my computer with AVG 2015 free edition, early in the scan it detects threats, not long after detecting these threats I get a notice saying that my PC will restart in 1 minute due to windows running into a problem.
 
Before restarting I get another notice titled “ctfmon.exe-System Error” which says:
 
“Exception Processing Message 0x0000005 Parameters 0x7ff9450d1d28 0x7ff9450d1d28 0x7ff9450d1d28 0x7ff9450d1d28”
 
The parameter parts in bold are different each time.
 
Windows subsequently restarts before AVG manages to complete the scan. Despite using tdskiller, rkilll, Adwcleaner, Malwarebytes and windows defender, AVG is still detecting the same threats followed by windows restarting.
 
System information: Windows 10 Home Version 1607 (X64)
 
 
Thank you for your help and all the work you guys do on this site.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016
Ran by USER (administrator) on USER-PC (01-10-2016 20:26:44)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER & DefaultAppPool (Available Profiles: USER & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-...

RELEVANCY SCORE 64.8

Hello!
I have a problem with a Trojan Horse (what AVG detected) or downloader (what Norton Antivirus detected) virus. But both antivirus programs could not fix this file (C:/WINNT/system32/suphip87.dll) because "Access to the file was denied." Norton has also detected other files in the same folder that are infected with the same virus that AVG did not detect. Lately my computer has been getting many problems. I really need help!
My computer is Windows XP
 

A:System32 problem. a Trojan Horse virus?

RELEVANCY SCORE 64.8

This computer is infected and it causes popups and plays music. When programs such as adaware and spybot sd are run they remove part of the trouble for a short period but it seems to reinstall. I have removed the computer from the internet until this problem is resolved. Here is the Hijack log. Please help. jmoore2.

Logfile of HijackThis v1.99.1
Scan saved at 12:37:14 PM, on 5/29/2007
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files&#...

A:Trojan Horse In C:\system32\insnfo.dll Can't Remove

Welcome jmoore2

Please give me a little time to get back to you with instructions.

Thanks
Jamie

RELEVANCY SCORE 64.8

Hi. I made the stupid mistake of deleting a system32 file (fad.sys), after my antivirus (AVG free) popped a notification telling me it was a Trojan horse. Now every time I get to the Welcome page, a blue screen shows saying "IRQL OT LESS OR EQUAL" and other stuff, like corrupted driver, then automatically restarts. I was wondering if someone can help me try and fix this, much appreciated. I cannot run Hijackthis because I am in Safe Mode; dds says to disable any inboard script blocking, but I don't know how to do that.
P.S. I have tried system restore (in Safe Mode), but when I come back, it says it was disrupted/couldn't finish.
I also have a picture of the blue screen if you wish to see it.
Thank you for any help!
 

A:Deleted system32 file with a Trojan horse

I fixed the problem.
 

RELEVANCY SCORE 64.8

This appears in scans after using a CD that contains a user guide for a monitor I just bought-

c:\\WINDOWS\system32\drivers\cdrom.sys
Trojan horse Rootkit-Agent.EL

It's driving me mad, don't know how to get rid of it as AVG has it as "white listed". Any help would really be appreciated
 

A:system32\drivers\cdrom.sys trojan horse

RELEVANCY SCORE 64.8

This computer is running Windows XP and has AVG free. At startup it displays a Resident Shield alert for multiple threats to file WINDOWS\system32\zehekilo.dll
Trojan Horse Generic 16.AAYX
If I try to remove the infections I get a warning that forced removal could cause the system to not operate. How do I clear these infections?

A:WINDOWS\system32\zehekilo.dll Trojan Horse

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 64.8

My AVG software keeps finding this, but I can't get rid of it. It is Trojan horse BHO.BLR found in system32/cfgmgr3.dll. Can anyone help?
Logfile of HijackThis v1.99.1
Scan saved at 11:34:43 AM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1139800874\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Synaptics\SynTP\Syn...

A:Solved: Trojan horse BHO.BLR in system32/CFGMGR3.dll

RELEVANCY SCORE 64.4

Hello!

This is my first post so bear with me. I am helping a friend with a serious virus problem.
Her operating system is Windows XP Home. She was using AVG antivirus protection. She kept getting antivirus messages about several different Trojan viruses. I installed a Norton Internet Security 2004 software and did a scan. It deleted 20 infections and 6 were quarantined. There was another 6 that we were to either choose to exclude in the next scan or skip. We chose exclude since we just were not sure what to do. We then got the message that there were still more viruses on the computer. The six we excluded were in files for Zango and Netscape. I reluctantly went into the registry and deleted any files related to those names. Also deleted Openme.exe file that I read was connected to the Trojan Horse virus.
At this point the only Norton message I was for Trojan Horse in the file C:\Windows\System32\ssqro.dll and it could not help with it.
I started another scan and at 72,000 files I had 2 viruses detected and 1 fixed. I was probably opening up too many other things at the same time and it locked up. I decided to let it rest and myself.
Now I'm home and looking for some advice on how to deal with this Trojan Horse problem.
Can you please help?
Thanks much,
Putergal
 

A:Trojan Horse found in C:\Windows\System32\ssqro.dll

RELEVANCY SCORE 64.4

AVG Virus Threat Detected While Opening file C:\WINDOWS\SYSTEM32|CTL3DV.dll Trojan Horse Generic 10.HET --- This keeps popping up on my CPU. I have Windows XP Home -- SP2 - AVG Virus Software. I can go online and it pops up, I can explore any drive and it pops up. I have tried to heal file and it keeps coming back, I've tried to delete file unable to do so, I have tried to move to vault. It tells me that the file has been healed successfully or that it has been moved to vault successfully but it always pops back up the next time I go to do something. Every time that the virus program does a scan it shows that this file is infected and it quarantines it but it always comes back. I have pasted my HijackThis log file and my ComboFix log file below. Any help is greatly appreciated.

Thanks
Wilma

HIJACKTHIS LOG FILE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:14 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system...

A:C:\windows\system32|ctl3dv.dll Trojan Horse Generic 10.het

Hi

Open notepad and copy/paste the text in the code box below into it:

NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.

Also .. Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)

File::
C:\WINDOWS\SYSTEM32\CTL3DV.dll
C:\WINDOWS\system32\drivers\dajebtxt.dat

Driver::
rrcvuekm

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95BDC0E4-630B-44AB-A7FA-48E528543F6C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"p2pnetwork"=-

Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below. This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

let me know if this resolves your problem ?

steam

RELEVANCY SCORE 64.4

AVG found this trojan and supposedly removed it but it is still there I think. I also have McAfee Security Suite and when I ran a scan with it before the AVG scan it did not find it, but 2 days after AVG said it removed it McAfee popped up saying it found it on opening and I had to reboot to remove it. I think it is still there now anyway. Firefox has been acting extremely slow at times recently as well.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Rick Sutton at 15:49:17.07 on Fri 02/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.660 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScri...

A:"C:\WINDOWS\system32\mst122.dll";"Trojan horse Downloader.VB.BSZ"

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc...

RELEVANCY SCORE 64.4

Hello,

I have been searching everywhere for a fix for my problem but I could not find a fix easy enough for me.
An IT friend of mine suggested I should come in here as here are the most knowledgeable people around and I should seek help.

I have this virus and tried everything to remove it but I get this message saying that it can not be removed. I think I got infected when I clicked on a small window that looked like a Flash update notice.

I am running Windows 7 Ultimate 32 bit OS with Service Pack 1 and AVG 9. I will upgrade to 12 if this would help.

Can you please give me some directions in how to get this virus removed? I would really appreciate it.

thanks in advance.
Felix

A:Trojan horse Patched_c.LYU in Windows/System32/services.exe

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

RELEVANCY SCORE 64.4

Hey there... I am utilizing AVG antivirus as my main AV. I also am currently running Spyware Terminator as well as occasionally running the AVG rootkit program. The problem is that AVG keeps locating a virus and lists the following: OBJECT: C:\Windows\System32\compstu.dll RESULT: Trojan horse Generic8.YAF STATUS: Infected. I downloaded MBAM and utilized it. This did clean out the "house"; however, it did not see the compstu.dll and as a matter of fact I don't even recall having seen it scan the file as I observed the entire process. Also of note, I started Windows in safe mode and ran MBAM as well as my AV program but I am still getting the box popping up telling me there is a virus warning giving me the same info I gave above. When I try to heal it or move it to the vault the computer says it needs to be rebooted to complete the operation. The only problem is that no matter how many times I reboot the system the file is always there when I come back. Can anyone PLEASE help me out with this problem? It seems to be the last barrier to a nice clean computer home!!! Thanks in advance for any and all help!

Buggy in Florida

A:Trojan Horse Generic8.yaf (c:\windows\system32\compstu.dll)

Try a scan with SuperAntiSpyware in Safe Mode. You'll have to download, install it and update the definitions in Normal Mode first.

RELEVANCY SCORE 64.4

I recently got a High Risk Trojan Horse threat alert from Norton Antivirus (C:\WINDOWS\System32\winuns32.dll). Norton tells me to fix the windows registry but doesn't specify what needs to be erased. I tried this and other things like editing the win.ini file but it hasn't worked out. This alert happened last week and since then my computer crashes randomly whenever I run programs.

Also keep getting pop ups such as fixregnow.com, but they seem fake. So I decided to search elsewhere and I found HiJackThis.

Here is my Log file.


Logfile of HijackThis v1.99.1
Scan saved at 5:35:57 PM, on 29/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\N...

A:Trojan Horse C:\WINDOWS\System32\winuns32.dll - Log File

You may want to print out these instructions or save them as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. It is also important that you don't miss a step and perform everything in the right order.

=====================================

Download Killbox
Save it to your Desktop.
In the event you already have Killbox, this is a new version that I need you to download.
Double-click on Killbox.exe to run it.
Select Delete on Reboot.
Click on the All Files button.
Copy the words below (blue) by highlighting all of them and pressing Ctrl + C on your keyboard.

C:\WINDOWS\SYSTEM32\winuns32.dll

Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the Unregister .dll Before Deleting button.
Click the red-and-white Delete File button. Click Yes when prompted to restart your computer.
NOTES : If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
=====================================

Reboot into Safe Mode
Restart your computer.
Before the Windows logo appears, tap F8 repeatedly.
A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
This...

RELEVANCY SCORE 64.4

Hope someone can help,

Computer specs:
Acer TravelMate 6291,
Microsoft Windows XP Professional Version 2002, Service Pack 2,
Intel® Core™ 2 Duo Processor T5500 @ 1.66 GHz, 667MHz FSB,
2 MB L2 Cache, 0.99 GB RAM

AVG anti virus keeps alerting me of an infection when Windows starts. AVG resident Shield detection shows the following;

Infection: Trojan horse Clicker.ABCT

Object: C:\WINDOWS\system32\ceuklnrc.dll

Process:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe

(manual deleting and anti-virus scans in vain, the files just 'respawn')

I also notice that my modem starts to Upload(~10kB/s) and Download(~20KB/s) even without Firefox or any updates running.

Windows task manager shows ~4 processes of svchost.exe when Windows starts and ~11 processes with high memory usage after 2 hours, seriously lagging my laptop.
My available security & Maintenance softwares are:

- AVG Anti-Virus (Free Version)
- Spyware Doctor (Trial)
- Free Registry Error Cleaner
- CCleaner
Log file from HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:59 PM, on 9/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svch...

RELEVANCY SCORE 63.6

MalwareBytes and AVG show that system is clean when scanned. However I get an AVG pop up that states that this file, c:windows/system32/drivers/ipec.sys, has been isolated. I connect to the internet through a wireless connection. Status shows connected but browser unable to connect. System is XP Home. Dell Optiplex DIM3000, Pentium 2.80GHz 2GB RAM.
What should I do??
Thank you

A:c:windows/system32/drivers/ipec.sys trojan horse hider

Download SystemLook
Copy this script
:filefind
ipsec.sys
Paste it in the BOX
Click on Look
Post the log

RELEVANCY SCORE 63.6

I have 2 issues.
1)
My AVG internet security resident shield regularly comes up with an alert stating that a threat has been detected. It says:
File name : c:\Windows\System32\services.exe
Threat name : trojan horse patched_c.LXT
detected on open.

Beneath this box there is usually a button which will move the malware into the "virus vault". But in this case there is nothing but a button giving me the option to ignore the threat. AVG also finds this same malware during the whole computer scan, but because services.exe is a system file AVG says that the file is "white listed" and so AVG just ignores it. AVG first found the trojan on 04/08/2012. So far I have been unable to remove it.
I am running Windows 7 Service Pack 1 64bit - therefore I have not posted a GMER log as advised in the instructions topic.

2) luha.sirfef.a
AVG said in the whole computer scan 2 days ago that it found luha.sirefef.a. I did another whole computer scan today and it could not find the luha.sirefef.a (I have disconnected my laptop from the internet due to the luha.sirefef.a and services.exe trojan). Does this mean that the virus is gone? I am a bit suspicious as I had not taken any steps to remove the sirefef other than deleting a registry file that was mentioned to be malicious on many websites
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "Certoficate Revocation"...

A:infected with a "Trojan horse patched_c.LXT" in c:\Windows\System32\services.exe

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

RELEVANCY SCORE 62.8

Hi!

AVG keeps telling me it's there but I cannot get rid of it.

This is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:17:34, on 2008.01.12.
Platform: Windows XP Szervizcsomag 1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vánky Sebastian\Asztal\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {428E1D25-D845-46FB-969...

A:Solved: Trojan horse Downloader.Generic6.WIR in c:\windows\system32\cfgmgr3.dll

RELEVANCY SCORE 62.8

Hello dear staff,

I've been having security issues. AVG antivirus keeps warning me about a threat C:\WINDOWS\system32\drivers\ndis.sys - Trojan horse Rootkit-Pakes.AA
It cannot remove it.
Also, after the scan on the reboot Windows loads normally but very very slow. The processor is on 100%
But if I interrupt the scan on the boot Windows starts normally, the processor works fine.

Safe mode loads very slowly, using up 100% of the processor.

I have had this problem for a long time (2 months) but didn't have time to take care of it.
I was wondering if you could advise me what to do.
Thank You in advance
 

RELEVANCY SCORE 62.8

An AVG scan in safe mode is showing a Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sys

Other scans showed more concerns. See attached DDS, GMER & TDSSKiller scan results

Thanks much in advance!

A:Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sys

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:...

RELEVANCY SCORE 62.8

SYSINFO:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 1

POSSIBLE ISSUE W HighjackThis:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself...

HighjackThis LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:07:36 PM, on 6/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Candleworks\FXTS2\FXTSpp.exe
C:\Users\Owner\Desktop\FXPRO\terminal.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Users\Owner\Desktop\SysInfo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\...

A:c:\windows\System32\services.exec | Trojan Horse Dropper.Generic_c.MMI

Hi Charlesz and welcome to TSG. My name is Mark and I will be helping you.

Please provide the last log from Malwarebytes, then run another scan with it and post that log also.
Open Malwarebytes and click on the Logs tab.
Scroll down the list to find the relative scan dates.
Click on the entry and then click on Open.
Copy and paste the log into your next post.

Please run Malwarebytes and post the log as follows:

Open Malwarebytes and allow it to update with the latest definitions, then run a Quick Scan.
When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
 


Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...


Hi guys,

I've recently done an AVG scan and found my computer was infected with "C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Packed.Protector.C";"Object is white-listed (critical/system file that should not be removed)". I've tried removing it, but couldn't as it is white-listed. Please kindly offer your advice. Thank you very much and your help will be greatly appreciated.

DDS (Ver_09-12-01.01) - NTFSx86
Run by user at 0:40:46.28 on Fri 12/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2533 [GMT 8:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\lg_fwupdate\fwupdat...

A:Infected with Trojan Horse Packed.Protector C in "C:\WINDOWS\system32\drivers\atapi.sys

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy


Hello

I am in dire need of technical help. My system performance has been very slow.
My virtual memory is always low and the AVG detects the viruses namely
C:/windows/system23/cmcfg3.dll and Trojan Horse Downloader Delf.12.AN but
cannot heal or remove them. I am getting virus detected pop ups whenever I
launch the Internet Explorer. The following process names are infected:
1. C:/Windows/Explorer.exe
2. C:/Program Files/Internet Explorer/Iexplorer.exe

It takes a long time to boot up my system. Every time it boots up, the time and date
resets to 10 AM 09/05/2020. I believe that there are a lot of applications that are
automatically loaded but I rarely need. Most of the time, I will be getting a message
of low virtual memory and sometimes out of memory. And during shut down, it takes
half an hour or more to complete it.

I am attaching the HJT log of my personal laptop that I ran last 05/15/09. If you need
me to run it again or use the DSS program then kindly inform me. Thank you in advance.

Regards

mhoji

A:Virus Found: C:/windows/system32/cmcfg3.dll and Trojan horse downloader delf.12.an

Hello and welcome to the BleepingComputer.com! In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please post back and let me know if you're still experiencing problems and post the logs from RSIT:
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

regards _temp_


Hello I am having problems with a Trojan horse BackDoor generic10.ARRA virus. It is in my C:\WINDOWS\system32\avica.dll file. I have tried everything to get rid of it. I have spybot search and destroy, AVG virus protection, and hijackthis. AVG will detect the virus and try to heal it unsuccessfully and "put it in the vault" when it puts it in the vault it does virtually nothing because I constantly get the threat detection from AVG. I cannot manually delete the file because it always tells me that access is denied. I even tried to go through the command center and delete it that way but it still denies me access. Here is my Hijackthis report

DDS (Ver_09-03-16.01) - NTFSx86
Run by Courtney at 22:33:22.15 on Wed 04/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.97 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k Lo...

A:Trojan horse BackDoor Generic10.ARRA (file name)C:\WINDOWS\system32\avica.dll

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


I am running windows 7 ultimate 32 bit and i installed avg internet security 9.0. i found this threat in my computer

"C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)".

I try to use malwarebytes and it says its clean.. but when i scan with virustotal.com, it detects a trojan... they say that this site can help me fix my problem. i don't know how to remove the trojan....

hope you can HELP me...

thanks....

A:Windows 7 Trojan horse Rootkit-Pakes.U C:\WINDOWS\system32\drivers\atapi.sys

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------


I am running windows 7 ultimate 32 bit and i installed avg internet security 9.0. i found this threat in my computer

"C:\WINDOWS\system32\drivers\atapi.sys";"Trojan horse Rootkit-Pakes.U";"Object is white-listed (critical/system file that should not be removed)".

I try to use malwarebytes and it says its clean.. but when i scan with virustotal.com, it detects a trojan... they say that this site can help me fix my problem. i don't know how to remove the trojan....

I tried to follow the steps from your site but PROBLEM ABOUT ROOTREPEAL.. it cant run with my computer it shows DEVICE CONTROL ERROR and i dont know why... so i can only show you my DDS

hope you can HELP me...

thanks....

below are the results of my DDS and Result from my scan with VirusTotal.com

DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin at 14:43:42.50 on Thu 01/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.874.66.1033.18.2937.1725 [GMT 7:00]
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windo...

A:Windows 7 Trojan horse Rootkit-Pakes.U C:\WINDOWS\system32\d

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand cor...


hello,

"C:\Windows\System32\services.exe, Trojan horse Patched_c.LXT, Object is white-listed (critical/system file that should not be removed)"

thats what it says on my avg scanner.

no idea how to remove it

help?

thanks!

A:c\windows\system32\services.exe Trojan horse Patched_c.LXT windows 7 OS

bump?


Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ...

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.


Please help!!

My computer is infected with Trojan Horses. There are 3 of them, Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are always in Temporary Internet Files directory and windows\system32 directory.

I have AVG, Spybot, Ad-aware, awido antispyware, windows defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use it.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr....

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS


Version of Windows: Microsoft Windows XP Media Center Edition 2002 Service Pack 3
Errors on Start-up: 1. LSASS.EXE memory allocation error cannot load command system halted.
Errors on Shutdown I have to "End Now": explorer.exe, Connections Tray, Net Broadcast Event Window.2.0.0.378734, & MCI command handling window
-My PC locks up when running the GMER scan & have to shutdown by powering PC off
-I have had AntiVirus Soft multiple times even after removing w/ spybot search & destroy, ad-aware, Zone Alarm(Uninstalled), Norton(Current AV). It seems to reactivate the virus when I visit myspace.com apps. A java box comes on & all the sudden AntiVirusSoft is back in the start up & active. I reboot into safe mode, take it out of start up, reboot normally & do a spybot scan which seems to remove..But it keeps coming back like a cheesy horror movie character.
-Have found "Trojan Horse svchosts" in start up programs. I turned off & deleted. Scans didn't pick up virus??
-When I reboot my pc my internet is being blocked for around 15-20 mins. The fw is off until the net gets unblocked by ??.
-Games such as Resident Evil 5, Fallout 3, BF2 etc have been locking up & crashing since I got that lsass.exe error on start up. They are unplayable now.
-Got that lsass.exe error a week ago after turning off start-up programs in MSConfig. Turned them all back on but error still stays. The MSConfig starts up automatically after a blue ...

A:Antivirus Soft/Trojanhorse Svchosts/Combofix.exe(Trojan Horse)/a0442396.exe(Trojan Horse)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
