Q: Is the Generic.dx!scr trojan responsible for my problems, or is it something else?

My Computer:

Dell XPS 400 with DataSafe hard drive, which is supposed to be a combination of
Norton Ghost and a hidden second hard drive (RAID 1), but I do not have Norton
Ghost on my PC, by choice
Intel Pentium D 830 (3GHz)
1GB DDR2 SDRAM at 533MHz
256MB ATI Hyper Memory
DataSafe 160GB (Secured Storage and Data Recovery Solution)

Intel(R)
Pentium(R) D CPU 3.00Ghz
2.99 GHz, 1.00 GB of RAM

My System:

Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3

My Anti-virus: McAfee SecurityCenter

My Anti-spyware: Webroot Spy Sweeper

Hi.

I do not have Java on my PC because in the past, I caught a very bad virus
or trojan via a fake Java update. Also, I have Adobe Acrobat Reader 6.0,
with JavaScript disabled by choice, because I heard somewhere that that
version is less prone to trojan infection and that turning off JavaScript
in Adobe Acrobat is said to be safer.

For about six months, I've had this thing where my PC freezes for between
3 and 20 seconds while I hear a distant high beady sound, like that of the
PC quickly processing something.

For about a month, I've encountered the situation where I sometimes have
to click on something two (and sometimes three or four) times to get it
to go. Also, when I click on a folder icon once, in order to rename it, it
opens the folder instead, which is supposed to only happen if I double-click.
And another odd thing is that highlighting text is often tricky, with the
highlighted area expanding to include letters and words I didn't select.
And the marquee tool in Photoshop doesn't always mark the area that I
started the cursor at, now.

On April 30, I accidentally clicked on a folder containing secondary
programs rather than a folder containing txt and jpg files, and a McAfee
Security Center warning came up, saying that a trojan had automatically
been removed. This was disturbing for two reasons: first, because
McAfee's last scheduled full system scan had been two days prior, and
second, because the trojan was identified as residing in flvplayer_setup.exe,
which is an installation program that has been on my PC for over a year
without any problem. The trojan's detection file name was Generic.dx!scr
and the process was listed as C:\WINDOWS\Explorer.EXE.

At http://vil.nai.com/vil/content/v_265923.htm [a McAfee page] it says:

Generic.dx!scr

Type: Trojan
SubType: Win32
Discovery Date: 04/27/2010

Risk Assessment
Corporate User: Low
Home User: Low

Today, in McAfee Security Center, Reports & Logs > View Log > Internet & Network
I looked at the Inbound events and found something called SecurSight Event
Logging Server (SSL) from the following three Source IPs:

221.192.199.46
221.192.199.48
222.45.112.59

. . . generally every 5 to 30 minutes.

Tracing 221.192.199.46 found:
Person: Kong Lingfei, in Shi Jiazhuang City, HeBei Province, China
Tracing 221.192.199.48 found:
Person: ChinaUnicom Hostmaster, in Shi Jiazhuang City, HeBei Province, China
Tracing 222.45.112.59 found:
Persons: Jiang Xin and Ye Fengbin, in Hangzhou, Zhejiang, China [who also sent RingZero]

From the same IPs are coming TCP port scans, also generally every 5 to 30
minutes.

Another thing I found, dated today, is an event called
Pro Mail Trojan / Post Office Protoco - Version 3, from IP 218.78.209.235 and
McAfee says (among other things), "Home systems will rarely be running a mail
server. Usually, this port is often used by several Trojan programs."

Okay, getting back to the SecurSight Event Logging Server (SSL) events,
I googled Event Logging and went to http://en.wikipedia.org/wiki/Event_Viewer
and then to How to view and manage event logs in Event Viewer in Windows XP
at http://support.microsoft.com/kb/308427 which says, in part:

A Windows XP-based computer records events in the following three logs:

* Application log
* Security log
* System log

The system log contains events logged by Windows XP system components.
For example, if a driver fails to load during startup, an event is
recorded in the system log. Windows XP predetermines the events that are
logged by system components.

As suggested, I went to
Start > Control Panel > Administrative Tools > Computer Management > Event Viewer.
The Application and System subfolders had lots of stuff in them, while the
Internet Explorer, Media Center, and Security folders were all empty. Inside the
System subfolder, I found a lot of instances of:

Type: Warning
Source: Tcpip
Event: 4226
User: N/A

For example, the Warning appears on:

5/1/2010 at 3:04:00 PM [I was not at home then]
5/1/2010 at 4:19:41 PM [I was not at home then]
5/1/2010 at 6:53:16 PM [I was not at home then]
5/1/2010 at 7:50:04 PM [I was probably at home then]
5/2/2010 at 9:02:14 PM [I was at home then]
5/3/2010 at 9:11:16 AM [I was at home then]
5/4/2010 at 12:22:54 AM [I was at home then]
5/5/2010 at 2:29:50 AM [I was at home then]
5/6/2010 at 7:42:34 AM [I was at home then, asleep]
5/7/2010 at 7:20:37 AM [I was at home then, asleep]
5/8/2010 at 9:07:28 PM [I was at home then]
5/8/2010 at 10:23:00 PM [I was at home then]
5/9/2010 at 11:40:48 PM [I was at home then]
5/10/2010 at 1:32:20 AM [I was at home then]
[5/11/2010 had no Tcpip 4226 warnings at all]
5/12/2010 at 1:07:07 AM [I was at home then]
5/12/2010 at 1:52:27 AM [I was at home then]
5/12/2010 at 2:40:41 AM [I was at home then]
5/13/2010 at 3:20:16 AM [I was at home then]

When I double-click on any of the Tcpip 4226 warnings, a box comes up
with the Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I clicked on http://go.microsoft.com/fwlink/events.asp and it says there:

Details
Product: Windows Operating System
ID: 4226
Source: Tcpip
Version: 5.2
Symbolic Name: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
Message: TCP/IP has reached the security limit imposed on the number of concurrent (incomplete) TCP connect attempts.

Explanation

The TCP/IP stack in Windows XP with Service Pack 2 (SP2) installed limits the number of concurrent, incomplete outbound TCP connection attempts. When the limit is reached, subsequent connection attempts are put in a queue and resolved at a fixed rate so that there are only a limited number of connections in the incomplete state. During normal operation, when programs are connecting to available hosts at valid IP addresses, no limit is imposed on the number of connections in the incomplete state. When the number of incomplete connections exceeds the limit, for example, as a result of programs connecting to IP addresses that are not valid, connection-rate limitations are invoked, and this event is logged.

Establishing connection-rate limitations helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in failed connections, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.

Connection-rate limitations may cause certain security tools, such as port scanners, to run more slowly.

User Action

This event is a warning that a malicious program or a virus might be running on the system. To troubleshoot the issue, find the program that is responsible for the failing connection attempts and, if the program might be malicious, close the program as follows.

To close the program

1. At the command prompt, type Netstat -no
2. Find the process with a large number of open connections that are not yet established. These connections are indicated by the TCP state SYN_SENT in the State column of the Active Connections information.
3. Note the process identification number (PID) of the process in the PID column.
4. Press CTRL+ALT+DELETE and then click Task Manager.
5. On the Processes tab, select the processes with the matching PID, and then click End Process.

If you need to select the option to view the PID for processes, on the View menu, click Select Columns, select the PID (Process Identifier) check box, and then click OK.

I went to my PC's command prompt and typed Netstat -no and found no
problems.

I ran a McAfee anti-virus scan, and a Malwarebytes' Anti-Malware scan,
and a SUPERAntiSpyware Free Edition scan, and all that came up were
tracking cookies in the SUPERAntiSpyware Free Edition scan.

I ran DDS without a problem, but encountered a boatload of problems
trying to run GMER.

The first time I ran GMER, I cancelled its scan after a few minutes
because I realized that I might have unchecked the wrong boxes since the
gmer_screen2-1.gif would not open in Firefox for some reason. This
eventually caused the PC to lock up. Upon cold booting, I encountered a
blue screen with relatively large font white lettering that said:

A problem has been detected and windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: uxtdypob.sys

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

[there was more on the screen, but I didn't write it down]

I restarted GMER and it ran for about an hour, and then the PC just
stopped: there was a black screen and the mouse and keyboard wouldn't do
anything, and yet the PC was still on. I cold-booted the PC.

After the re-boot, I went to the
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
page again to try to access the gmer_screen2-1.gif that is at
hxxp://i28.photobucket.com/albums/c227/tetonbob/gmer_screen2-1.gif and
for some odd reason, much of the PC froze up, and onscreen I saw that a
download has begun. More of the PC froze, so I had to cold-boot again.

Upon re-boot, a message near my systray said that all downloads had been
completed. I have no idea what the download was, so I did a Malwarebytes
Anti-malware scan, but the scan found nothing.

The next two times I tried running GMER, GMER ran for about an hour or so,
and then the PC re-booted itself spontaneously. I was in another room
each time the re-boot occurred, so I did not actually witness the point
at which it happened either time.

I then re-booted to safe mode and ran GMER. GMER ran for about two hours,
and then the PC spontaneously re-booted.

So, I am here submitting the initial GMER scan, since I can't seem to get
a complete one.

I used System Restore to return to a point prior to when the unknown
download had occurred. I then ran a fresh DDS, which I am submitting here.

I don't have a Boot CD, but I have access to a Windows Install disc and I
have all of my PC's drivers and programs on factory disc because when I
first started up my PC out of the box on the very first day I got it,
Norton Ghost 10 (which I have since learned was very buggy) caused the PC
to freeze up so badly that Dell offered to either send me a new PC or
sent me all the installation discs to reformat the PC. I opted for all
the installation discs, because I otherwise wouldn't be able to re-format
again if anything else ever went wrong.

I am really not all that tech savvy. I never took computer science in
school, and I taught myself most of what I know. Any help that you would be
able to provide would be much appreciated. Thank you.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Steve at 9:44:19.39 on Fri 05/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.313 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Steve\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DLCCCATS] "rundll32" c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,[email protected]
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\rkl7k34w.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/outlook/recreation/outdoors/hourbyhour/02130?from=36hr_topnav_outdoors
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-2 29808]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-12-16 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 68168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-23 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-23 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-23 144704]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-4-23 1201640]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-23 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-23 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-23 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-23 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-23 34248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 12872]

=============== Created Last 30 ================

2010-05-14 13:17:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-14 13:17:00 8212 ----a-w- c:\windows\mfebcdata

==================== Find3M ====================

2010-05-06 18:28:48 41432 ----a-w- c:\docume~1\steve\applic~1\wklnhst.dat
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 17:17:52 40856 ----a-w- c:\docume~1\steve\applic~1\GDIPFONTCACHEV1.DAT
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
1999-11-12 22:30:54 4880 ----a-w- c:\program files\mplayer2.exe
2009-10-14 03:45:14 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-03-17 08:10:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031720090318\index.dat

============= FINISH: 9:45:02.54 ===============
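The Microsoft guidance quoted in the post says to run `netstat -no` and look for the process with many connections stuck in SYN_SENT, which is what Event 4226 is reacting to. The following is an added example, not part of the original post, that automates that triage step offline on a constructed netstat sample: the addresses, ports and PIDs are made up, and the default threshold of 10 is the XP SP2 half-open connection cap from memory, not a value stated on the page.

```python
"""Count half-open (SYN_SENT) TCP connections per PID from `netstat -no` output.

On a live XP machine you would capture the real output with
`netstat -no > netstat.txt` and pass the file contents to the functions below.
"""
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample of `netstat -no` output (NOT captured from the poster's PC).
# PID 1234 has a burst of half-open connections to many different hosts on the
# same port, the worm-like pattern the Event 4226 explanation describes.
# PID 2048 is a browser with two live connections and one slow host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.5:1045       74.125.45.100:80       ESTABLISHED     2048
  TCP    192.168.1.5:1046       74.125.45.100:443      ESTABLISHED     2048
  TCP    192.168.1.5:1047       198.51.100.7:80        SYN_SENT        2048
  TCP    192.168.1.5:1101       10.20.30.41:445        SYN_SENT        1234
  TCP    192.168.1.5:1102       10.20.30.42:445        SYN_SENT        1234
  TCP    192.168.1.5:1103       10.20.30.43:445        SYN_SENT        1234
  TCP    192.168.1.5:1104       10.20.30.44:445        SYN_SENT        1234
  TCP    192.168.1.5:1105       10.20.30.45:445        SYN_SENT        1234
  TCP    192.168.1.5:1106       10.20.30.46:445        SYN_SENT        1234
  TCP    192.168.1.5:1107       10.20.30.47:445        SYN_SENT        1234
  TCP    192.168.1.5:1108       10.20.30.48:445        SYN_SENT        1234
  TCP    192.168.1.5:1109       10.20.30.49:445        SYN_SENT        1234
  TCP    192.168.1.5:1110       10.20.30.50:445        SYN_SENT        1234
  TCP    192.168.1.5:1111       10.20.30.51:445        SYN_SENT        1234
  TCP    192.168.1.5:1112       10.20.30.52:445        SYN_SENT        1234
  UDP    0.0.0.0:445            *:*                    900
"""


class Conn(NamedTuple):
    proto: str
    local: str
    remote: str
    state: str   # empty string for UDP, which has no State column
    pid: int


def parse_netstat(text: str) -> List[Conn]:
    """Parse the table printed by `netstat -no` (XP layout: 5 columns for TCP,
    4 for UDP). Banner, header and blank lines are skipped."""
    conns: List[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            conns.append(Conn("TCP", parts[1], parts[2], parts[3], int(parts[4])))
        elif parts[0] == "UDP" and len(parts) == 4:
            conns.append(Conn("UDP", parts[1], parts[2], "", int(parts[3])))
    return conns


def syn_sent_by_pid(text: str) -> Dict[int, int]:
    """Number of connections in SYN_SENT (sent SYN, no reply yet) per PID."""
    return dict(Counter(c.pid for c in parse_netstat(text) if c.state == "SYN_SENT"))


def flag_suspicious(text: str, limit: int = 10) -> List[Tuple[int, int, int]]:
    """Return (pid, syn_sent_count, distinct_remote_hosts) for every PID whose
    half-open count reaches `limit`, highest count first. A high count spread
    over many distinct hosts is the scanning pattern Event 4226 warns about;
    a high count to one host is more likely a dead server than malware."""
    half_open = defaultdict(list)
    for c in parse_netstat(text):
        if c.state == "SYN_SENT":
            host = c.remote.rsplit(":", 1)[0]   # strip the port, keep the host
            half_open[c.pid].append(host)
    flagged = [(pid, len(hosts), len(set(hosts)))
               for pid, hosts in half_open.items() if len(hosts) >= limit]
    return sorted(flagged, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for pid, count in sorted(syn_sent_by_pid(SAMPLE_NETSTAT).items()):
        print(f"PID {pid}: {count} connection(s) in SYN_SENT")
    for pid, count, hosts in flag_suspicious(SAMPLE_NETSTAT):
        print(f"PID {pid} exceeds the half-open limit: {count} SYN_SENT to {hosts} host(s)")
```

The poster's own `Netstat -no` run showed no such process, which is consistent with the 4226 warnings being caused by a burst of failed outbound attempts that had already timed out by the time netstat was run.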

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Is the Generic.dx!scr trojan responsible for my problems, or is it something else?

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 58

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/PsymeMy wifes freind complained that her computer was too slow and needed some new hardware. She wanted me to have a look> I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basicaly, since 2006, she has been online with no protection at all. I wwent to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers
RELEVANCY SCORE 56.8

Hi there! Thanks for taking the time to help me out.

Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w

I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the mcafee warnings), but it is making my computer run slower and me very worried.

I'm running Windows XP Pro.

Any help most appreciated.

I can post a hijack this log if that's of any use.

A:Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection

Here are some of the details from the McAfee detection log ((I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far

Read other 2 answers
RELEVANCY SCORE 56.4

I'm Having a problem with Trojan Generic.

I'm Running Norton 2007 (Which Failed Epicly) but got detected by a free version of spyhunter.
Unfortunately free means you can't delete it.

Here is my logg:

Logfile of HijackThis v1.99.1
Scan saved at 1:48:24 PM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\Common Files\Symantec Shared\Securi... Read more

A:Trojan.Generic Problems

Read other 16 answers
RELEVANCY SCORE 56.4

I took my laptop to BestBuy and had them do a Black Tie cleaning and yearly cleanup for $120. They claim that they can remove these 2 items for $200 more. I would rather do it myself or get a new laptop. Here is the requested info.DDS (Ver_10-03-17.01) - NTFSx86 Run by Bob at 14:27:29.25 on Thu 06/10/2010Internet Explorer: 8.0.6001.18928Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2045.973 [GMT -5:00]AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGro... Read more

A:2 problems trojan.gen and Mal/Generic-A Please Help

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more


Hi there

So I launched Firefox earlier and received the problem - missing component nssutil3.dll. Originally my BitDefender was working fine and dandy, and picked up a Trojan or two centered around this file, which it quarantined. Thinking it might be helpful if I do a system restore, I did one to a couple of days previous but on reboot, my anti-virus has stopped running properly and refuses to enable real-time protection or firewall and Firefox will not load at all, not even in safe mode.

The only thing I've done since last night is to install some Windows updates as I turned the PC off! I don't understand this at all! Have I been hijacked perhaps???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:28, on 17/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsy... Read more

A:problems following trojan.generic.1607990

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it might not mean we... Read more


Internet Explorer keeps redirecting to adware sites.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:56:39 PM, on 7/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files... Read more

A:trojan horse psw generic 8 cwn causing problems

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Good afternoon,

I have a user's laptop that has ongoing trojan horse and adclicker problems. Symantec says it deletes them, and I remove all temp/internet files/cookies, but it keeps coming back. I also removed 12 installed games off this PC along with a screensaver installer. I am not sure where my user got this application.

I have attached files from Symantec for review since there are many trojans on this system.

This is my first time using a post, so please forgive any forgotten information. I followed the directions. Any assistance would be greatly appreciated!

Thanks!
Leslie

Deckard's System Scanner v20071014.68
Run by wellslt on 2008-07-16 14:14:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-07-16 19:14:40 UTC - RP153 - Deckard's System Scanner Restore Point
43: 2008-07-16 18:24:26 UTC - RP152 - Software Distribution Service 3.0
42: 2008-07-16 18:03:52 UTC - RP151 - Software Distribution Service 3.0
41: 2008-07-15 20:05:15 UTC - RP150 - System Checkpoint
40: 2008-07-14 17:43:00 UTC - RP149 - System Checkpoint


-- First Restore Point --
1: 2008-04-16 15:53:03 UTC - RP110 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.65 GiB (less th... Read more

A:Generic Trojan Horse and AdClicker Popup Problems

Greetings wellslt and Welcome to the Forums,

Is this a St. Louis University computer or are you using their server? By the way, that's my old school...I miss those late night meetings at Bogarts!

The version of Java you have is known to have been exploited.
Please follow these steps to remove older version Java components

1. Close any open programs you may have running, especially your web browser.

2. Click Start-->Control Panel-->Add or Remove Programs.

3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.
Not every version of Java will begin with "Java" so be sure to read each entry in the list.
Repeat step 3 as many times as necessary to remove all versions of Java.
**If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

4. Navigate to and delete: C:\Program Files\Java <= this folder, if found

5. Then go to this page.
Scroll down to where it says "The Java Runtime Environment (JRE) allows end-users to run Java applications" and click the "Download" button to the right. Select the platform for "Windows".

6. Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement", then click Continue...The page w... Read more


A few days ago McAfee picked up the following trojan and "cleaned" it

Uploaded with ImageShack.us

I ran SAS/Malwarebytes/McAfee all via safe mode and eventually came up clean, although this keeps recurring. Laptop is very slow now, seems to be constantly trying to process something. Since this happened I've not been able to run Windows Live Messenger on the machine. Have run DDS and logs can be found below, GMER kept crashing though.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paddy at 23:01:05.64 on 22/06/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_19
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.2812.1567 [GMT 1:00]

SP: Windows Defender *enabled* (Updated)
SP: SUPERAntiSpyware *disabled* (Updated)

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:... Read more

A:Repeated trojan infect. mcafee finds/cleans generic.dx!szk, possible other problems

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 8:21:49.90 on Wed 01/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.141 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files ... Read more

A:Infected with Win/Heur, Downloader.generic Trojan and Backdoor Generic

Please close this post. Problem has been fixed.


To whom it may concern. On July 9th AVG Free Edition found the virus JS/Psyme which it was unable to heal and since then I have received numerous Trojan horse Generic 10 viruses that AVG states it healed but continue to hamper the performance of my computer. (Generic 10. BDVA, BEIA, BEWK, BAZL, BCCW, BVRB, BCQA, BCPW & Generic 7.SOQ & Agent AHMX.) I'm totally out of my wits here and I need some help. Thanks in advance

Deckard's System Scanner v20071014.68
Run by Jean Marc McLean on 2008-07-27 11:25:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2008-07-27 15:25:32 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-26 23:00:59 UTC - RP3 - System Checkpoint
2: 2008-07-24 03:36:00 UTC - RP2 - Software Distribution Service 3.0
1: 2008-07-24 01:23:07 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-27 11:31:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32... Read more

A:Infected With Trojan Horse Generic 10 Bewk And Other Generic 10 Trojans

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

NEXT

Please visit below webpage for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Regards
fenzodahl512


Hello all,

McAfee keeps popping up a trojan alert every couple of minutes, and as I've watched them closely for the last few days, they seem to be the same 12 or so - over and over again. I have tried full scans using both McAfee and Spybot, and while they both indicate that they fix the problems, these trojan alerts keep showing up. My comp has become very sluggish, IE in particular.

Also, every time I restart after a scan requires it, I get the error message "Owner.exe - DLL initialization failed". I noticed that this process (Owner.exe) jumps around a bit in the task manager, especially when McAfee pops up with the alerts.

Below is my DDS. Please help!

-Jim

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:57:27.90 on Mon 04/20/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2595 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\Photos... Read more

A:repeating trojan alerts - Generic rootkit, Generic!Artemis

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


My wife downloaded a file through BearShare and now the computer is lagging bad and AVG keeps picking up these 2 trojans. I navigated to and deleted the file that the generic arly was in. I have tried to run Malwarebytes, Trend Micro HouseCall and they lock up before finishing, as AVG also locks up before finishing. I have run Spybot and it removed several things. Also if possible I would like to remove any garbage programs I don't need. Please let me know what else you will need.

Thanks a lot

1. DDS LOG
DDS (Ver_09-06-26.01) - NTFSx86
Run by Jamion at 12:40:26.86 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3034.1773 [GMT -4:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.in... Read more

A:Trojan generic 11zne and generic arly

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Mod Edit: Log split away from topic here http://www.bleepingcomputer.com/forums/t/144809/infected-by-something-wicked/

Deckard system scanner report is below. I was not able to load Kaspersky because my IE is too corrupted and I can't get enough space on my hard disk in time before whatever is on my computer partitions off the space. I have cleared about 1 Gig of new space on my computer but the computer still shows that it has less than 100 MB of space on it.

Deckard's System Scanner v20071014.68
Run by Paul Hanken on 2008-05-05 23:34:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; disk is full.

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.01 GiB (less than 15%) free.

-- HijackThis (run as Paul Hanken.exe) ----------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 23:38:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRSVC01A.... Read more

A:Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Hello 425Fool,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea


Hello everyone. I had a problem with my PC once in the past & someone here was really nice & showed me how to fix it so here I am again with another problem hoping that someone can help me again.

I got a result in my AVG Anti-Virus scan that had 10 infected files that were not removed.
These are the files:

C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038551.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A003851.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038556.exe
Trojan horse Generic11.AV
C:\System Volum... Read more

A:Trojan horse Generic 11.AV & Trojan horse Dropper.Generic.AAMD


This is a business computer and it is very important that it runs properly, been having issues with it for a week now. I have tried running several anti-virus programs to no avail. Currently using Panda, but used some other free software like AVG etc. Hoping you can help me, here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:36 PM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files... Read more

A:Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Hi,

"This is a business computer and it is very important that it runs properly"

Not sure if you're aware how severely infected this computer is.

Since you are posting a log from a Company owned computer... There are a few things that need attention first before we proceed with this..

* You must inform your Supervisor immediately.
This because of:
Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.
If sensitive material is compromised by an infection, your company could be held liable.

* Your Company must give permission for us to give you assistance.
This because of:
We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.
There may be sensitive material on your computer that your company would not want revealed in an open forum.

Also, since this is a computer used at work - the first thing I always advise is to back up important files you don't want to lose, this since malware causes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I ca... Read more


About every week or two McAfee finds either generic.dx or generic downloader.dx. It's installed as a service. I have to run McAfee in safe mode to remove it. My fear is that something is installed on my PC that activates every week or two and re-installs this trojan. I've run a complete McAfee which doesn't find anything. I did the on-line Kaspersky primary area scan. I've also run SpyBot and MalwareBytes and they haven't found anything. I also have Windows Defender installed. I run the Windows XP firewall. I run Secunia PSI and MS Baseline Security so I'm pretty up to date on my patches. My fear is that something is installed that hasn't been found that wakes up every week or two and tries to re-install this trojan. I've attached the HijackThis log and info below. Thanks for looking at this.

info.txt logfile of random's system information tool 1.04 2008-12-01 06:58:34

======Uninstall list======

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3CIPCalc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3Com\3CIPCalc\Uninst.isu... Read more

A:generic.dx and generic downloader.dx Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more


Hi! McAfee detected two trojans (generic.dx) a few days ago, which I chose to remove. The computer had been running slowly and freezing quickly after booting up. Later during another scan, McAfee detected a generic downloader which really alarmed me because it was in my program files for all my passcodes (?)

I have not seen any pop-ups so far in Firefox, no strange or unusual messages; just a really slow boot-up and a new trojan found every time McAfee runs scans. It doesn't seem to go away =(

If you could help me that would be great!!!! Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:38 PM, on 9/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\SBLive 24-Bit External\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Fi...


DDS (Ver_09-05-14.01) - NTFSx86
Run by gus at 0:50:16.98 on Thu 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\...

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:39 PM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\tos...

A:Trojan Agent, Trojan Fake, Trojan Generic

Hi

Disable Spybot's TeaTimer

Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
On the left hand side, click on Tools. Then click on the Resident icon in the list. Uncheck Resident TeaTimer and OK any prompts. Restart your computer.

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a ...


I keep getting a popup from Kaspersky with a Trojan quarantine in
C:\Users\Counter\AppData\Local\Google\Desktop\Install\{8976561d-a35d-8b9e-33b1-ec150b61a5be}\â¤â‰¸â‹™\Ⱒ☠â¨\‮ﯹ๛\{8976561d-a35d-8b9e-33b1-ec150b61a5be}\U\[email protected]
 
This just started all of a sudden. I have run a virus scan with Kaspersky and Malwarebytes and both come up empty. When I try to delete that directory or uninstall Google Desktop it will not let me. I get the popup warning every few minutes. I am running Windows 7.
 

A:detected: Trojan program 'HEUR:Trojan.Win32.Generic' (modification)?

Looks like it may be being protected in its location. We need a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.


Malwarebytes detected the Happili trojan today and asked that I reboot. I did but am still getting redirected in Google searches. I also scanned with AVG and it detected "Trojan Horse Generic 28.AFXS". There may be some other trojans also as this is the 4th trojan issue I have had with this computer since Nov 2011. I paid a PC service firm to fix the issues back in November. I then got another infection in January and April that I believed I fixed on my own. I can post some of those trojan names if needed by going back to the old logs. I attempted to fix this issue on my own today by running TDSS Killer and Trojan Remover from Simply Super Software. This product was installed when I paid to have it fixed in November but I am still getting redirects. These issues just began about 3 days ago. I also noticed the PC repair firm that fixed the first issue used the ComboFix program as there is still a Qoobox folder in the C drive's root directory. However they must have uninstalled the ComboFix program itself. I will also need to know how to remove the Qoobox folder. My log and attachment are as follows:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Aaron at 23:32:36 on 2012-06-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2276 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17...

A:Infected with Happili trojan / Google Redirect & Generic 28.AFXS Trojan

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


Quick background - My young teenage son clicked on pop-up for Duck Hunt. He told me after he clicked popup he got message that "something" was being installed but he couldn't stop it. And now I am infected with some kind of virus.

I ran full scan on my McAfee, rebooted when it told me to and ended with the log showing following infections on my computer:

DNSCharger.r (Trojan); Generic FakeAlert.k (Trojan); FakeAlert-SpywareGuard.gen.b (Trojan). Major location of them appears to be in c:\windows\system32 - with different dll files. There is also a message about an unwanted program (log's words) SetupGamevance[1].exe in Temp Internet files\Content.IES
(I'm not sure if you need the actual path but if so I can enter them). I just can't seem to copy and paste the info or print the log out.

All are showing in the log as "cannot be removed" except for the Gamevance which shows as "cannot be repaired" and McAfee did not or cannot quarantine them.

I know that at least one of them is trying to redirect me on google search. This is what clued me in to what happened, when I was looking for a site and it tried to tell me it was at a different address from what I remembered. I'm not sure what the others will do.

Is there something I can do to get these off my computer? Can someone help me?

I am running Windows XP Home Edition Version 2002 Service Pack 3. I have an Emachine T3104. Not sure what other info I need to ent...

A:Infection - DNSCharger.r (Trojan), Generic FakeAlert.k (Trojan) and SetupGameVance.exe

Please download Malwarebytes Anti-Malware (v1.38) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will...


Hi,
My computer has really slowed down ever since I got these viruses. It also crashes randomly and gives me a blue screen. I tried to do a system restore but failed. Bitdefender 2011 keeps on telling me that it's blocking a virus called "Trojan Generic" and also another one called "Trojan Horse" but the box keeps on popping out every 10 seconds or so. I have scanned my computer with HijackThis and will post the results below. I will appreciate any suggestions anyone out there has since I've tried by myself for a week to remove it with programs like Malwarebytes, Spyware Doctor (actually bought it 2 days ago but it did nothing), Bit Defender 2011, AVG 2012, and have failed to remove it. Thank you for your time!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:35:09 PM, on 10/3/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Gabriel DLT\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)...


I would greatly appreciate any help I can get with this. Norton 360 has informed me my computer is infected with Trojan.Zeroaccess!inf4, Trojan.Gen, Packed.Generic.382 and also Trojan.Webkit!html. I realized the seriousness of it when any browser I was using would freeze when I'd attempt to login to online banking. Thankfully my bank noticed something was happening too and shut down the online banking before any $ damage was done. No more online banking till this gets fixed.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 1.6.0_31
Run by Owner at 22:30:05 on 2013-02-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.6143.1974 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe ...

A:Infected with Trojan.Zeroaccess!inf4, Trojan.Gen, Packed.Generic.382 + 1 more

Hello ddr12 Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your...


I get the following Messages from AVG's Resident Shield:
Threat detected! Trojan horse SHeur2.BXNY detected on open <--this happens on different files
Threat detected! Trojan horse Generic15.CIFI detected on open <--this has only happened on one file so far luckily

I do the AVG computer scan, it detects the trojans and says it heals all infections but then it starts coming back again. I've also tried using Spybot and have the same thing happen there too. What seems to be happening is that it keeps creating files. It creates them like this.
C:\Windows\temp\*.tmp\svchost.exe
(* tends to be 4 random letters)
I've gone in and deleted everything in my temp folder, done the scans and been told the computer is clean, and then about five minutes later, I get a message saying it's started spawning them again. I've been trying to stay on top of emptying out my temp folder while it's doing this though because in the course of 10 minutes it'll spawn like 25 of these files.
---------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Robyn at 22:44:57.46 on 09/12/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_17
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3068.1641 [GMT 0:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP:...

A:Infected with Trojan SHeur2.BXNY and Trojan Generic 15.CIFI

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy


PTTD: Post Traumatic Trojan Disorder
Several weeks ago, I got attacked after something slipped past resident McAfee. No popups, but my computer was running very slow, clicking on files would not open them, running processes showed numerous host dll, internet restarts, and the cursor was always thinking and moving on its own. I ran several full scans (NOT in safe mode). MBAM found Trojan.generic, SAS found Trojan.fakeMS and clicker.FMS, Beta MBAR found Trojan.poweliks, McAfee nothing. My computer seems to be OK now, but I still think something is lurking with the refresh of paging while on the internet.
 
Just a few of many concerns:
setbj in startup programs (disabled a year ago due to other event); don’t know how to delete it or if I should.
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
Regedit: Windows software entry with numbers and then data Houdsodu!Rdbtshux; not sure if I should delete the main entry.
Microsoft office14 (hijackthis log), which I don’t have.
 
I followed the prep guide before posting. I hope the page is not out of date (2005).
Backup of data
McAfee shows firewall enabled
 
My computer:
Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
LENOVO IdeaCentre K330B x64-based PC
Intel® Core™ i3-2120 CPU @ 3.30GHz, 3300 Mhz, 2 Core(s), 4 Logical Processor(s)
LENOVO DPKT21A, 8/8/2011
SMBIOS Version ...

A:PTTD after infection with Trojan.poweliks, Trojan.generic, fakeMS...

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.


My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes:

I have been infected with multiple trojans and malware, including:
Trojan.TDSS
Trojan.Vundo.H
Trojan.Virtumonde
Trojan.Vundo
Generic!artemis
Trojan.FakeAlert
Trojan.Seneka
Malware.Trace
Trojan.Agent
Spyware.OnlineGames
and most recently: generic!artemis

I have used multiple scanner programs: Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus 10.0.0.359, and Lavasoft Adware 2007 AND 2008. I uninstalled Symantec Norton Anti-virus Corporate, and installed AVG, and ran it in safe mode, and it had a ton of viruses that it detected. I then removed AVG after it was done, and reinstalled Symantec Norton Corporate Anti-virus.

I also used Vundofix to rid myself of the Vundo.

I think I have finally gotten rid of vundo (I pray I did...really NASTY virus), and most of the other virii, but I just recently (for safety's sake) scanned my pc using McAfee Stinger, and I have the generic!artemis virus. I have no idea the damage that has been done to my pc, but it is running terrible, and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan, as it hangs up.

When I was infected with the Vundo Virus, it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it, and they had me run FixVundo.exe, VundoFix.exe, and WinsockXPfix v1.01.exe

I have dow...

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

I don't mean to bump, but am I in the correct section to be posting this?


MY ORIGINAL POST IS IN THE WRONG SECTION> I APOLOGIZE!

My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes:

I have been infected with multiple trojans and malware, including:
Trojan.TDSS
Trojan.Vundo.H
Trojan.Virtumonde
Trojan.Vundo
Generic!artemis
Trojan.FakeAlert
Trojan.Seneka
Malware.Trace
Trojan.Agent
Spyware.OnlineGames
and most recently: generic!artemis

I have used multiple scanner programs: Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus 10.0.0.359, and Lavasoft Adware 2007 AND 2008. I uninstalled Symantec Norton Anti-virus Corporate, and installed AVG, and ran it in safe mode, and it had a ton of viruses that it detected. I then removed AVG after it was done, and reinstalled Symantec Norton Corporate Anti-virus.

I also used Vundofix to rid myself of the Vundo.

I think I have finally gotten rid of vundo (I pray I did...really NASTY virus), and most of the other virii, but I just recently (for safety's sake) scanned my pc using McAfee Stinger, and I have the generic!artemis virus. I have no idea the damage that has been done to my pc, but it is running terrible, and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan, as it hangs up.

When I was infected with the Vundo Virus, it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it, and they had me run Fix...

A:Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

Actually it is in the correct forum for HJT logs
I will close this thread and leave the other one intact


Hi guys,
 
I'm way in over my head here. I accidentally unleashed some foul demon on my computer. By being an idiot most likely. I can't re-enable my firewall and F-Secure keeps finding new viruses with the names indicated in the title. Is anyone able to help me out? Anything would be immensely appreciated.
 
Best wishes,
Ragian
 
dds
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Rasmus at 13:39:51 on 2013-11-17
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
C:\Program Files (x86)\F-Secure\Common\FIH32.EXE
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe
C:\Users\Rasmus\AppData\Roaming\Spotify\...

A:heur.trojan.sirefef & trojan.generic.9819927

Hello Ragian I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ...


First of all thank you in advance for your time to look into my computer problem.

A few weeks ago I started getting weird audio messages when starting or rebooting my computer, as well as when changing web pages or trying to open my Outlook Express. The messages ranged from orchestral music (2001: A Space Odyssey) to audio messages: 'Houston we copy', 'Roger', 'this has been one great step for the humanity' etc.

My computer is significantly slower. Unfortunately it all seems to escalate even more. Right now I have difficulty sending this message and log, because the web page keeps freezing. It happens often when there are two web pages open at the same time. I have the full operational versions of 'Webroot Spy Sweeper' and 'Micro Trend Antivirus 2007'; both of those detected some infections but failed to clean them. I was in touch with the Webroot support service. They sent me several fixes, but the fixes failed as well. So it was suggested to me to look for an outside technician.

I took all the steps from the Preparation guide before posting to this Log. I installed Spy Sweeper, ran HouseCall anti virus, Panda anti virus, BitDefender and Avert Stinger. I installed the Sygate firewall as well. In the topic title I listed the viruses that were found with Panda anti virus and BitDefender.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:27 AM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running proces...

A:Generic Malware,trojan.agent.aav,trojan.zlob.avp

Welcome to BC

Sorry for the delay, the forum has been extremely busy lately.

Since it's been a few days, please post a fresh HijackThis log. Thanks.


I had lost data on a hard drive and while getting programs to recover data, I got more than I need, which includes the "New Malware.q trojan; Generic.ca trojan; Uploader-r and other viruses". I have run various antiviruses and spyware tools, but it's still being stubborn. The only thing I really need to keep is email stuff with Outlook Express, so all other stuff is up for cleaning.

Michael

HJT log shown below

Logfile of HijackThis v1.99.1
Scan saved at 7:02:21 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Personal Firewall\lpfw.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\essspk.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\DOCUME~1\ORCASC~1\LOCALS~1\Temp\7.tmp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C... Read more

A: New Malware.q trojan; Generic.ca trojan; Uploader-r and other viruses here, thank you

Hello orcascogins and welcome to TSF,

Please print out or copy this page to Notepad since you will not have any browsers open while you are carrying out these instructions.

Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.

---------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

---------------------------

Run a scan in HijackThis. 'Check' each of the following if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [0go40rm8.dll] RUNDLL32.EXE 0go40rm8.dll,b 781654039
O4 - HKLM\..\Run: [7.tmp] C:\DOCUME~1\ORCASC~1\LOCALS~1\Temp\7.tmp.e... Read more


This is the stuff that has come up after scanning using a few tools: Generic_c.ZS, Generic.CQQ, trojan.zlob, trojan.conficker.h. I'm not sure whether any of the infections have been properly healed because my computer is still showing abnormal symptoms. Symptoms include:
- Unable to update anti-virus software (I managed to update AVG manually though)
- Unable to access Microsoft.com websites (address not found)
- Unable to access anti-virus websites (address not found)
- After using the computer for approx an hour or so, new programs cannot load, the PC cannot be restarted/shut down properly, task bar items sometimes hang, and the DSL connection has to be reinitiated via a forced restart.
All these are new symptoms that started almost simultaneously a month+ ago. I'm not sure where exactly the source of infections came from. I'm guessing a combination of external pen drives and websites.

My DDS Report:
---
DDS (Ver_09-02-01.01) - NTFSx86
Run by Wilson C at 14:40:13.73 on Wed 03/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.555 [GMT 8:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24Ev... Read more

A: Generic_c.ZS, Generic.CQQ, trojan.zlob, trojan.conficker.h

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructio... Read more


Hi Guys,

I've had a virus on my computer for 2 months now but can't remove it. Norton says it's trojan.cachecachekit and AVG says it's trojan horse Generic.GM. I've done scans with Panda, AVG, Ewido, Stinger, Spybot, Ad-Aware SE, CCleaner in both safe mode and normal mode but nothing seems to work. It SEEMS once the system boots up it re-installs itself. The popups are so bad I can't even work on the computer. If I wanna work then I need to disable my anti-virus shield. My laptop is a dual boot system (Win 2000 Pro and Win XP). So far I only see the problem with Win 2000. Win XP seems to be fine. I have a wireless network at home but this virus was caught while I was away from home. I have tried suggestions from other forums and Symantec but so far nothing has worked. Now either it's re-formatting the HD or you guys. Pleaaaaaaaaaase don't make me re-format my HD. Thanks for all your help in advance.

Here is the most recent HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:40 AM, on 12/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PRO... Read more

A: Infected With Trojan.cachecachekit / Trojan Horse Generic.gm

Fix these with HJT: mark them, close IE, click Fix checked

O4 - HKLM\..\Run: [Microsoft IIS] D:\WINNT\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Autowxckn] autowxckn.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Autowxckn] autowxckn.exe
O4 - HKCU\..\Run: [Microsoft Windows Autowxckn] autowxckn.exe
O23 - Service: File copy caching service (cpy) - Unknown owner - D:\WINNT\cpy.exe
O23 - Service: Mod Libary (modlb) - Unknown owner - D:\WINNT\modlb.exe (file missing)

=================

Click Start > Run > and type in:
services.msc
Click OK.

In the services window find File copy caching service. Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File - Exit the Services utility.

Repeat for - Mod Libary

=============

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen.) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for c... Read more


Hi there :

heres my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:07, on 06/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\syste... Read more

A: Infected with Trojan.Adclicker.HB & trojan generic 826214

bump


I bought Kaspersky just last week and I have a trojan that keeps installing itself over and over. Every time I do any scan it is always back after being deleted.

Hope someone can help. Here is my HJT Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:56 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comm... Read more

A: Trojan Kaspersky can't get rid of. HEUR:Trojan.Win32.Generic


I am working on a Win XP SP3 laptop and have had fake anti-virus infections over the last few months. MalwareBytes has helped me remove them by running in safe mode.

After working for a while, I will start to get repeated "Internet Explorer Cannot Display the Webpage" errors (using IE8). I have tried SuperAntiSpyware, MalwareBytes, SpyBot, and Ad-Aware. Even if they remove something, the problem returns. Ad-Aware recently removed Trojan.1 and Trojan.Win32.Generic!BT. I think GMER removed a rootkit, but it closed before I could save the log and I reran it to produce this one.

Thank you.

Here are my DDS and GMER logs (attach.txt is attached)

DDS.txt:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Peter at 22:39:38.31 on Fri 07/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.153 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Prog... Read more

A: Repeat Infection - Trojan.1 and Trojan.Win32.Generic!BT

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random, which includes a HijackThis log, and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see the Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more


For the last 3 days my computer has been acting up severely. I have read numerous posts from people with this same issue. Since each set of instructions is geared for a specific computer I will post mine for help. I am not sure how much information is included in the HJT report I will give some specifics.
I am using a Dell Inspiron E1405 laptop with Windows XP Media Center Edition version 2002 Service Pack 3. I normally use Internet Explorer 7, but installed Firefox because I thought it was an IE problem in the beginning. I use McAfee Security Suite and it has found the following:
Detection Type: Trojan
Detection Names: Generic.dx!w, Generic.dx!w
Status: Quarantined (Though I have attempted to remove it many times)
File Name: C:\DOCUMENTS AND SETTINGS\MANUEL MEDEIROS\XPSHIELDSETUP.EXE
This was something that I believe the Vundo Trojan asked me to install; even though I hit No, it still installed a phoney virus removal program. Also found was:
Detection Type: Trojan
Detection Name: Vundo!grb
Status: Quarantined (Again I've removed it several times with McAfee)
File Name: C:\WINDOWS\system32\ovurorep.ini

I have done research on both of these and tried several removal methods, none of which have worked. I am getting many pop ups from IE even when I am on Firefox, very slow speed (some sites are a little better than others), and at times I cannot access my email. It says that they are doing maintenance, however other friends with the same ISP have no trouble. I am also get... Read more

A: Generic.dx!w Trojan and Vundo!grb Trojan Removal Help Needed Please.

Bumping
 


Hi,

I have recently had help from devil_himself in this post http://tinyurl.com/3yck3e
Since then I have been researching on the net about things and finally decided to download and run Spyware Doctor (Trial) which came back with positives...

'Trojan-PWS.Tanspy' and 'Trojan.Generic' issue.

Could someone please help me to remove these.
I have read previous posts but hesitate to follow directions given to those individuals, as the instructions given may of course be intended solely for that person's config or situation.

I had posted a comment here http://tinyurl.com/2l3dt9 Could this be deleted please, as it was merely an observation and, I see, not a question or specific detail of findings.
 

A: Solved: Trojan-PWS.Tanspy and Trojan.Generic issue

Can anyone help?? Does anyone know for sure if Spyware Doctor or NOD32 WILL remove it. If so maybe I had better buy it as I do not want to leave them there.
 


Hi. Thanks in advance for the time. McAfee AV has been telling me this message since yesterday:

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Generic.dx!peb (Trojan), Generic.dx!peb (Trojan)
Location: C:\WINDOWS\TEMP\eorh.tmp\svchost.exe

The eorh.tmp is just an example. The path will always be like: C:\WINDOWS\TEMP\xxxx.tmp\svchost.exe

Now it has added another trojan:

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Artemis!21CF83958DC7 (Trojan), Artemis!21CF83958DC7 (Trojan)
Location: C:\WINDOWS\TEMP\hsuy.tmp\svchost.exe

This keeps appearing in like 10 minute intervals. Here goes the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by mmondeja at 10:45:34,10 on 25-03-2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.56.3082.18.2015.769 [GMT -3:00]
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\Ati2evxx.exe
C:&... Read more

A: Infected with Generic.dx!peb (Trojan) and Artemis!21CF83958DC7 (Trojan)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Foll... Read more


Hi,

I have Windows 7 Ultimate 64 bit on my system. I use Bitdefender as my antivirus software. This morning it informed me that it has found a file infected with a virus called 'Trojan.Generic.2582177' which it cannot clean. I've contacted Bitdefender to see if they know what I should do but haven't heard back. I did this through the Bitdefender Support panel in the software itself, but now I'm worried that (because of the virus) the info from my machine may have been sent to some hacker somewhere.

I've found the infected file. It's in my Mozilla profiles folder and is called 'permissions.sqlite'.

Does anyone know what this virus is? Can I just delete the file? Will that solve it or make it worse? If I do delete it will it affect my system in any other ways?

Thanks.

SJ.

A: Trojan called 'Trojan.Generic.2582177' on my system

Hi .... How big is the File ? .... Could you upload it to Virus Total ? ....

I would do a Scan with Malwarebytes ....
Malwarebytes Anti-Malware Free


I am infected with Trojan-Downloader.murlo and Trojan.Generic. I use PC Tools Spyware Dr. with Antivirus and I have run ComboFix and Malwarebytes. I have tried deleting all but the latest restore point and running all antivirus and anti-malware programs in safe mode. Eventually my scans were clean, but the trojans keep coming back. How do I eliminate them for good?

A: Trojan-Downloader.murlo & Trojan.Generic

If you are dealing with a malware infection, please be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination of whether using ComboFix is necessary. As such, ComboFix should not be used without being advised to do so by a trained expert (see here) who is assisting you in dealing with a malware problem. Since you already ran ComboFix, its log should be thoroughly reviewed by experts who have been trained to decipher them before proceeding. ComboFix should have saved that log to the root directory, usually C:\ComboFix.txt.

Please follow the instructions in the "Preparation Guide For Requesting Help" starting at Step 6. When you have done that, post the required logs, including your ComboFix log, in that forum, NOT here, for assistance by the Malware Response Team Experts. If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.


Yesterday we had a Windows XP Antivirus Pro 2012 issue. I was using AVG Free and everything was locking up. Installed Bitdefender 2012 and that seemed to take care of the Windows XP Antivirus Pro problem but now Bitdefender keeps finding these two trojans in the C:\RECYCLERS folder. I've had these two alerts come up three times today and each time Bitdefender says it deletes them. After doing some research on the Sirefef.MC trojan, it looks like I need some serious help. Below are the logs.
I'm not sure why a lot of the backslashes are showing up as \. They look normal in the text file.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Owner at 0:33:21 on 2012-12-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.302 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\WINDOWS\System32\spool\DRIVERS\... Read more

A: Trojan.Sirefef.MC and Trojan.Generic.8305353

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more


Uncontrollable pop-ups, Conficker worm, slow start-up, unable to access web pages, AVG anti virus software not working. This is a teenager's computer, no telling what was downloaded or when.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 17:49:29.59 on Tue 04/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.195 [GMT -6:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\116177960.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\... Read more

A: generic trojan dialer & backdoor trojan

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed. If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.


My Advanced System Protector pops up with a host file change; if I select "don't allow" my computer shuts down. Can't uninstall GoToMyPC, printer keeps uninstalling. Thanks

Sorry, forgot to hit upload for the last post.

Merged topics then posts. ~ OB

A: trojan.generic.001 + trojan.backdoor variants

Hello amberbox81,

Welcome to Bleeping Computer. My name is mas_pogi and I will be helping you with your malware problem.

It's been a while, do you still need help? Please reply as soon as you can so that I can analyze your log.

Best regards,
mas_pogi


Hi, I need some help removing a Trojan Vundo and Trojan Generic that I cannot seem to find anywhere on my computer. I've been looking for a while now and cannot find them. My Trend Micro antivirus cannot find it either. If anyone could give me instructions on what I should do it would be greatly appreciated. I'm running Windows XP and have a Dell XPS 200.

The virus is causing a mass amount of pop-ups when I'm browsing the internet and making my computer run slower. It is also causing my computer to sometimes freeze up on me when a pop-up comes on the screen.
Thanks in advance,
Defect
Oh, also the popup I get a lot is this WinFixer or WinAntivirus. Don't know if that can help at all.
 

A: Solved: Trojan Vundo, and Trojan Generic
