
Trojan Zlob, Trojan-backdoor.gen, Fakealert, Trojan.dl.winrean.a

Q: Trojan Zlob, Trojan-backdoor.gen, Fakealert, Trojan.dl.winrean.a

I'm running on Windows XP Media Center. I've been using Webroot's Spysweeper and PCtools antivirus, and I've constantly picked up the same alerts every time I run a scan and removing them. After removing them and rebooting my computer, I get a fakealert on my taskbar which I can't seem to remove either. I've also tried booting in safe mode and running a scan, but that didn't work either seeing as how everything seemed to come back as alerts when I restarted. I've also noticed that Windows Defender has an error when I start up my computer. That's the most I can recall happening. I've temporarily removed the red circle with the X on it (fakealert) that advertises some spyware product by closing explorer.exe from my process tabs and restarting it with run.


A: Trojan Zlob, Trojan-backdoor.gen, Fakealert, Trojan.dl.winrean.a

Hello Kanko and welcome.

Please run this first, post back the scan report and tell us how the PC is doing now.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Follow with

Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


Hi friends, ironic I get infected? since I'm learning to avoid such things. I don't know how this happened, had a lot of popups from VirusRemover2008 earlier, tried to run mbam several times, wouldn't run. Tried in safe mode, would not run. Renamed it and it suddenly ran. Ran it once in safe mode but had to abort, pc really slowed down too much, it deleted some Vundo's on reboot, in normal mode things looked ok.. for a while. The popups soon returned and mbam ran but could not update, even though the internet worked fine, but it scanned and found a fair few infections (second log posted).

RSIT will not scan, get the following error message when I try:
Line -1:
Error: Error parsing function call.

I think I have a rootkit infection (TDSS I think is rootkit related).

Sorry I can't post any diagnostic info (HJT will run but is clean), all I can post is the mbam logs:

Malwarebytes' Anti-Malware 1.31
Database version: 1520
Windows 5.1.2600 Service Pack 3

21/12/2008 03:15:39
mbam-log-2008-12-21 (03-15-36).txt

Scan type: Quick Scan
Objects scanned: 15662
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ljJAQGyW.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tyshb36rfjdf.dll (Trojan.Fakealert) -> No action taken.
C:\WINDOWS\syste...

A:Trojan.Vundo/Trojan.TDSS/FakeAlert/Zlob/VirusRemover2008

~Sorry for Bump~ (I don't mind being pushed back, but you should know this)

I got further detections of TDSS (I thought it may have disappeared because no symptoms were shown) so I ran SDFix in safe mode and it found the rootkit and removed it, RSIT now runs. I think my computer is ok now. Here are the logs:

SDFix: Version 1.240
Run by Jat on 21/12/2008 at 13:12
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :
Name : TDSSserv.sys
Path :\systemroot\system32\drivers\TDSSmfdc.sys
TDSSserv.sys - Deleted

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\windows\system32\drivers\TDSSmfdc.sys - Deleted
C:\windows\system32\TDSSnirj.dat - Deleted
C:\WINDOWS\SYSTEM32\TDSSNIRJ.dat - Deleted

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jat at 2008-12-21 13:34:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (31%) free of 38 GB
Total RAM: 894 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:55, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx...


Starting yesterday afternoon, my computer began slowing and a "Security Tool" icon appeared at bottom right of screen, with pop up. I did not click on either, and immediately began researching. Downloaded Malwarebytes Anti-Malware, ran and discovered 16 infected files and removed. Unfortunately, the Trojans appear to continue to reside. Desktop screen goes blue, at times, with no icons visible.

Any assistance will be greatly appreciated.

Thanks,

Kevin
DDS (Ver_09-10-26.01) - NTFSx86
Run by Kevin at 12:16:45.45 on Wed 11/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.475 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\sys...

A:Infected with Trojan.FakeAlert.H and Trojan.Zlob

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Malwarebytes' Anti-Malware 1.34
Database version: 1876
Windows 5.1.2600 Service Pack 2

3/20/2009 4:06:56 PM
mbam-log-2009-03-20 (16-06-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119370
Time elapsed: 21 minute(s), 29 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\WINDOWS\services.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LO...

A:Trojan.Agent,Trojan.NtRootkit.Agent,Backdoor.IRCBot,Trojan.FakeAlert.H

I have posted at Geekstogo to help you already.
Please do not post at multiple forums for help.


I may have plugged an infected flash drive into my brand new Acer Aspire 5730 running Vista. I wasn't sure if the drive was infected, so I plugged it in, didn't access it, but scanned it with AVG Free 8.0 and Malwarebyte's Anti-Malware. The Anti-Malware scan turned up multiple instances of Trojan.zlob and Backdoor.bot, and AVG picked up nothing. I removed the flash drive and ran a full scan with both programs on my laptop. Again, AVG picked up nothing, but Malwarebyte's picked up the exact same instances of Trojan.zlob and Backdoor.bot now on my laptop. The log lists the locations of the infected files as:

C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

Please note that when I originally scanned my flash drive, the exact sam...

A:Possibly Infected with Backdoor.bot, Trojan.zlob, and Trojan,vundo

Hello MissCarol
Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new Rsit log.


I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

Microsoft Security Essentials pops up during the scan with the following infection:

Trojan Downloader: Win32/Unruy.D
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here.

Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB

I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Phillips at 14:21:21.10 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]
AV: Microsoft Security Essentials *...

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi

I was infected with the above Trojans which resulted in a flashing yellow triangle and lots of popups about malware infection and security downloads.

I have followed your steps re downloading Ad-Aware and Spybot and I also downloaded AVG free which has managed to vault a number of Zlob files. I have Norton 360 as my main security.

After running the Ad-Aware and Spybot, the flashing triangle and pop ups appeared to have stopped. I have made a Hijackthis Log and am posting it here ... can you tell me if I need to do anything further?

Thanks
Mez

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:42, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symant...

A:Backdoor Trojan/zlob Trojan

Hello mezxx,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys ...


DDS (Ver_10-03-17.01) - NTFSx86
Run by XXXXXX at 14:07:30.08 on Mon 04/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1944.966 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C: ...

A:Trojan/Trojan.Agent/Trojan.FakeAlert/Trojan.downloader

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo...


I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malbytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not used to be there. I am getting number of random error messages, and Malbytes is sometimes deleted and I have to reinstall it. Also, random .tmp files seem to popup. Thanks in advance for any help you can provide.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jordan at 1:53:18.65 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program File...

A:Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...


I have gotten Trojan.Ertfor, Trojan.Zlob.H, Trojan.Downloader, and Malware.Trace and I just can't seem to get rid of these Trojans. I have run the Malwarebytes' Anti-Malware program (did not get rid of these, and came back). I also did a manual deletion of these Trojans (they came back and didn't stay deleted). I will also add the Malwarebytes' Anti-Malware program log of these Trojans. Can I get help on what to do to get rid of these annoying Trojans?
Here is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.38
Database version: 2335
Windows 5.1.2600 Service Pack 3

6/25/2009 4:33:11 PM
mbam-log-2009-06-25 (16-33-07).txt

Scan type: Quick Scan
Objects scanned: 104801
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sdjee3inf.dll (Trojan.Ertfor) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion ...

A:Trojan.Ertfor, Trojan.Zlob.H, Trojan.Downloader, Malware.Trace, OhMY!

Hello and welcome.. Let's do 2 things next, I think we can clear this up.

Run part 1 of S!Ri's SmitfraudFix

Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You have a good amount of files here. We should do a full scan.....

Rerun MBAM like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select FULL scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~...

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok. We need to download ComboFix.exe. This will give me a better view of the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...

RELEVANCY SCORE 106.8

Internet Explorer was popping up windows, 3 at a time, regardless if I was on the Internet. These popups are continuous, making it almost impossible to do anything. I downloaded and installed Malwarebytes, performed the Quick Scan, and 18 infections were identified. They were quarantined and I deleted them. I then performed a Full Scan and it was clean. However, IE is still launching new windows as quickly as it closes them and placing them at the forefront of everything I do.

I was not able to get a Gmer log as these popup windows interrupt its process. I tried at least 5 times. Following is my DDS log. I am also including the Malwarebytes log in case that might help as well. Please note that I replaced the user name with [name] in the logs.

Many thanks!

EDIT: If it helps to know this, when I had Task Manager up to kill IE each time it launched its trio of windows while Malwarebytes performed its scan, every time the URL it launched with was www.webcrawler.com, and then it redirected to another site. It seemed to be referring to a list of sites as some were repeated.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by [name] at 17:51:16 on 2011-08-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.513 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.... Read more

A:IE Popups Still Highjacking My Computer, After Removing Trojan.BHO, Trojan.FakeAlert, Trojan.Hiloti, Adware.Agent, Adware.DeepD...

Hello Alda B. Woods and welcome to BC.

Sorry about the delay, do you still need help?

RELEVANCY SCORE 106.8

It started on or about July 22. First we had popups circumventing our popup blocker. Then I noticed that there was an active connection listed in our firewall connection list that was called "??ool32\??crosoft. Our server had been down for almost a week because of an electrical storm, and we got a new modem with the fix from the broadband carrier. Our security system may also have been down at the same time, but when we did a scan after getting our internet back, there was nothing found. After doing all of the steps recommended before doing the hijack this scan, we were told that we had all of the problems listed in the title of this post, and the House Doctor scan also said that there was an infection which couldn't be quarantined located in D:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-...\A0015881.DLL. The last 3 scans done using the same suggested programs have come back clean. During the last week the computer has begun to freeze and move very slowly. The firewall has also come up with warnings that ??ool32 has been attempting to connect with the internet, but has been blocked...so it is obviously still there. My Hijackthis logfile follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:36 PM, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32&#... Read more

A:W32/backdoor.kzk, Trojan.downloader.purityscan, Java.trojan.exploit.bytverify, Trojan.clicker.vb.dw

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close Ewido anti-spyware. Do not run a scan just yet. We will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Clean out your Temporary Internet files
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Tem... Read more

RELEVANCY SCORE 106.8

I got two different names for a trojan yesterday and today, and after completely running your "5 steps before posting a log" I am finding no trojan at all! I know this sounds like a good thing, but I'd like some explanation if possible. I am running Windows XP Home.

Yesterday WebRoot SpySweeper found trojan-backdoor-progdav, which I eliminated on 2-17-07 by using TetonBob's excellent instructions. Today I re-used those instructions, but the target files were not found, so I ran SpySweeper again - and this time it found a different problem: trojan-downloader-ruin.

So I used POADB's instructions (provided to jack5000 on 4-25-06) for removing trojan-downloader-ruin: downloaded CleanUp!, Ewido with updated database, and FixWareout; ran FixWareout online; then ran HiJackThis offline in safe mode. HJT didn't list any of the items that jack5000 was told to delete. The file to manually delete (C:\WINDOWS\\System32\dmeue.exe) also was NOT present. Then I ran my first Panda scan.

Finding none of the target files, I went to TechSupportForum's "5 steps before posting a log" (now realize I should've done first.) Took ages, but the only things found were 1 malware program (Viewpoint Media Player, which I removed in Step 1), & 7 tracking cookies (which I quarantined using Ad-Aware SE in Step 2). In Step 4 no service packs were missing - only upgraded IE (which I never use - I'm a Firefox user) to IE 7.

After all of this, I decided to run SpySweeper again, and thi... Read more

A:Trojan change from trojan-backdoor-progdav to trojan-downloader-ruin, no target files

Welcome organicbarb

Are there any current spyware symptoms?

Your logs look fine
You can delete
C:\install.dat
C:\dnsbak.reg
C:\fixwareout
fixwareout.exe and combofix.exe

You should update java, afterwards this old version should be uninstalled.
J2SE Runtime Environment 5.0 Update 2

RELEVANCY SCORE 106

I followed the instructions on the hijack this prep and below is the file. I am very concerned that I can't seem to get rid of some unusual files in my msconfig startup and running processes. Unidentified items in msconfig. startup are Zeno is under C:\WINDOWS\system 32\pwinqsap.exe CORN001, Z_Start C:\WINDOWS\system32\dwdsregt.exe CORN001, Then under SOFTWARE\Microsoft\Windows\CurrentVersion\Run are : 9339047 C:\PROGRA~\9339047\9339047.exe; sd "C:\PROGRA~1\AUTOST~1\sd.exe" --checkOnly; mhnn "C:\Program Files\Obla\mhnn.exe" -vt ndrv The mhnn is also in the task manager as a running process. I cannot find any of these listed in windows explorer or my registry.

Logfile of HijackThis v1.99.1
Scan saved at 6:35:30 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared... Read more

A:Backdoor.dsnx, Hacktool, Trojan.cmapp, Download Trojan, Trojan.downloader.gen,

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log

RELEVANCY SCORE 106

All sorts of weird things happening on my pc.

I keep receiving various pop-up messages, a Windows Security Alert message asking me to download Spywear remover, Windows Internet Explorer message to install Virus Remover 2008 and another for PCPrivacy Cleaner, a Spywear Alert message telling me that Worm.Win32.NetBooster has been detected on my machine. There's also a flashing red and white cross icon with a Security Alert message, and next to the time are the words "VIRUS ALERT".

A lot of my desktop shortcuts have disappeared and three new ones have been added; "Error Cleaner", "Spywear&Protection" and "Privacy Protection". My desktop background has been replaced with a red background and a message telling me to download privacy protection software now.

I'm unable to find MyComputer, Control Panel, Security Center, Local Drive and more. All of them have disappeared from the start menu.

Bit-Defender shows a pop-up message stating that some files have not been infected with Adware.VirusRemover.B and that some files are suspect of Trojan.Downloader.VBS.BL.

After running Malwarebytes Anti-Malware, it reports 33 infected objects such as Backdoor.Bot, Trojan.FakeAlert, Rogue.Link and Hijack.Homepage. Malwarebytes tells me it needs to enable regedit and reboot pc, removes the infected objects but after rebooting the same problems return. Please help!!!!!

A:Backdoor.bot, Trojan.fakealert, Rogue.link! Pls Help!

Problem solved, thanks to this site.

I followed the guide for SmitFraudFix and now everything is back to normal, me and the PC are friends again.

RELEVANCY SCORE 105.6

I've been fighting the Zlob.Downloader.vcs and Virtumonde-C Viruses for a few days now. I'm hoping these logs are telling me that I've finally won the battle, but I need a second opinion, any help? Greatly appreciated!!

Deckard's System Scanner v20071014.68
Run by Jack Schmitt on 2008-04-20 18:52:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
85: 2008-04-21 01:52:55 UTC - RP85 - Deckard's System Scanner Restore Point
84: 2008-04-20 18:10:03 UTC - RP84 - Removed Sunbelt CounterSpy.
83: 2008-04-20 17:40:54 UTC - RP83 - Installed Sunbelt CounterSpy.
82: 2008-04-19 23:21:58 UTC - RP82 - ComboFix created restore point
81: 2008-04-18 18:02:13 UTC - RP81 - Last known good configuration
-- First Restore Point --
1: 2008-04-18 18:01:54 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jack Schmitt.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:35 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\l... Read more

A:Trojan.vundo, Trojan.agent, Trojan.fakealert

Hello! Welcome!

I see you already have Malwarebytes installed
Double-click the Malwarebytes Icon
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Please copy and paste the entire report in your next reply.

Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

If you have run this tool before please post all previous logfiles.

RELEVANCY SCORE 103.2

Hello,

could I please have some technical advice on how to deal with the following

I went to a site where I was requested to download Active X and since then the following pop up has been occurring every couple of minutes and sits in the start up line by the time on my computer.

AVG told me it is a backdoor trojan Zlob and has placed it in the vault but the pop up just won't go away.

MESSAGE:

"System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution."

I ran a hijack this scan and attached are the results, could you please tell me what I should delete from the list and how to, many thanks for your time

Logfile of HijackThis v1.99.1
Scan saved at 9:27:10 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Fil... Read more

A:backdoor trojan Zlob

hi, welcome to TSG.
IMPORTANT! Move Hijack this from the Temp, desktop or from the zip folder
to its own folder!
Make a new folder in C:\ and call it Hijack this, and Save hijack this to
this folder so that it runs properly and can make back ups. Click scan,
then save the log and post it here so we can take a look at it for you.

you don't appear to have a firewall or an anti virus program, download these ones from the links below, once installed update anti vir!!

Comodo firewall. Sign up it's free!

http://www.personalfirewall.trustix.com/
Threads on comodo!

http://www.wilderssecurity.com/forumdisplay.php?f=31


Anti-vir

http://www.free-av.com/


Go here and download the latest version of java, once
downloaded, go to add/remove and uninstall all previous versions of java
from add/remove and then install the latest version you just downloaded!
http://java.com/en/download/manual.jsp

Please download
SmitfraudFix
(by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.


Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
* Once the setup is complete you will need run AVG and update the definition
files.
* On the main screen select the icon "Update" then select the "Update now"
link.
* Next select the "Start Update" button, the update will start and a
progress ... Read more

RELEVANCY SCORE 102.8

Hi,

My Symantec was sending messages regarding trojan.vundo, trojan.metajuan and backdoor.trojan. I found some info that lead me to your combofix tutorial, which I run and now the pc seems fine, though, in the tutorial is strongly recommended to post the log. Should I?

Thank you!!
-Cristina.

RELEVANCY SCORE 102.8

I've used SpyHunter3, but I don't have the license so I can't remove these infections. Please help me to clean my computer. The HJT log is here:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:36, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Security Task Manager\taskman.exe
C:\Arquivos de programas\Enigma Software Group\SpyHunter\Sp... Read more

A:Zlob Trojan, Zlob Video Access and Trojan Downloader Contravirus

RELEVANCY SCORE 101.2

I have been infected with some serious trojans

MBAM Scan results identified these 6 viruses/trojans:
Trojan.BHO - file
Adware.Vomba - Registry Key
Trojan.Fakealert - Registry Key
Fake.SystemTool - Registry Value
Fake.SystemTool - File
Fake.SystemTool - Registry Value
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Here's what I am getting:
- A fake program "Antivirus System Pro" runs on startup now
- gives repeated popups anytime I try to run a program (even Task Manager & svchost.exe) "Security Warning..."
- popup alert in bottom right corner that says
"Antivirus System Pro alert
INFILTRATION ALERT
Your computer is being attacked by an internet Virus. It could be a password-stealing attack, a trojan- dropper or similar.
DETAILS
attack from: 166.15.38.109, port 65207...."

here's my malwarebytes log:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2
10/15/2009 9:30:35 PM
mbam-log-2009-10-15 (21-30-28).txt
Scan type: Quick Scan
Objects scanned: 118038
Time elapsed: 10 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\advantage (Adwar... Read more

A:Infected with trojans: Trojan.BHO, Adware.Vomba, Trojan.Fakealert, Fake.SystemTool

never mind. problem solved now. MalwareBytes Anti-Malware successfully quarantined the trojans.

[CLOSE TOPIC.]

RELEVANCY SCORE 101.2

RE:trojan.inject, trojan.fakealert,fraud,antivirusPlus, Mirorosoft.windowssecuritycentre_disbled, myway.mywebsearc

Hi my anti-virus became turned off and a fraud antivirus was loaded on to computer. This anti virus said I had millions viruses and I had to pay 29.99 to have them removed I was able to un-install the program from control panel, malwarebytes found a few things and so did search%destroy

But I keep getting ad pop-ups and my browser gets redirected an adverts, I also seem to get a mail-chat box pop-up on some websites, in my browser. The letters on some of the websites change to blue hypertext. I think my computer may still be infected. SuperAntispyware program, found nothing. Also my firewall has turns off a couple of times for no reason.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Im The Special One at 19:04:55.93 on 04/02/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.563 [GMT 0:00]

AV: Eset NOD32 antivirus system 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explo... Read more

A:trojan.inject, trojan.fakealert,fraud,antivirusPlus, Mirorosoft.windowssecuritycentre_disbled, myway.mywebsearch

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs, as this process may crash your computer.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Double click on Gmer to run it.
Allow the gmer.sys driver to load if asked.
You may see a rootkit warning window, If you do, click No.
Untick the following boxes on the right side of the Gmer sc... Read more

RELEVANCY SCORE 100.8

I was infected, and may still have, traces of Backdoor Trojan and Malware. I've been working with another forum but they haven't replied in several days.
I have run many scans and diagnostics which, up to this point, I was receiving help to handle.
I know there are still unresolved issues and I wondered if someone could help me with a HiJack This scan and log or something to rid my system of whatever is still there.
I've seen the word Trojan come up and be deleted several times, the last by Trend Micro Housecall Online Scan, as well as Sober Worm and a bunch of other worms. There are porn domains that I have no idea where they came from and would like to remove.
Could someone please guide me? I'm not having any obvious problems right this minute but I don't want to stop until I'm sure I've fixed this. It was pretty hectic with pop-ups all over the place and warnings wanting me to purchase their spyware removal programs and sites being redirected all over the place. I'm now using Mozilla instead of IE. I have Windows XP Pro SP2. I thought I was pretty skilled till this happened.

A:Cleaning Up After Backdoor Trojan/zlob Infection

Hello c1cdj and welcome to BC

It would be helpful if you provided a link to your topic in the other location so we know what's been done and what hasn't been done in the process of cleaning your computer. Also, as a courtesy, you should inform them that you are receiving help elsewhere.

Please let us know what your operating system is: Windows XP, Vista, etc.

Note: HJT logs are not posted in this particular forum. The HJT forum is EXTREMELY busy, so we would like to see if your problems can be resolved in this forum. If it is determined that you need to post an HJT log, we will provide specific directions at that time.

Orange Blossom

RELEVANCY SCORE 100.8

Hello, new user to techguy forums, need major help with a ZLOB trojan I got like an idiot. I am getting a windows like message, even though it isn't windows, stating "Detected a number of active spyware applications...." When I run Spy Sweeper it detects, and quarantines, the following virus "Trojan-Downloader-ZLOB". Every time I turn my computer back on it is back and won't go away.

I ran Trend Micro Internet Security 2008 and it seems to have cleared it up, but I want to be sure nothing is hiding.

Below is my HJT scan log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:18 PM, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Pro... Read more

A:Solved: ZLOB Trojan Backdoor virus

RELEVANCY SCORE 100.8

Hey...

So the other day, I got a pop-up from Avast saying that a virus had been detected and it couldn't take care of it. I actually forget what happened exactly after that, but I believe I started getting pop-ups in Firefox. Then Firefox crashed. Then my computer restarted. I tried to do a system restore and then it restarted and just hung right before the desktop would usually show up. I turned off my comp at this point. The next morning, I turned it on and everything loaded regularly. But I was getting weird pop-ups in firefox still and my google search results were (Still are) being redirected to search.start-search.net. So I restarted my comp at this point and then it just kept getting to the desktop, a "Windows Security Essential Alert" popped up that said "Detected items: unknown win32/trojan" and then restarted on its own.

I eventually started in safe mode and tried to run Malwarebytes. It ran to its completion and I saw a few of the names of the threats (trojan.zbotr.gen, trojan.fakealert, trojan.agent, trojan.hiloti), but when I tried to fix the infected files (it found 20), the computer just restarted again and then kept restarting.

Now, I was planning on posting here from my brother's computer, but I tried again to get on my computer and windows asked if I wanted to restore so I did. And now I'm actually able to get to my desktop and do things, but I'm 99.9% sure I'm still infected. So now I'm just waiting to see what to do ... Read more

A:Multiple trojans/malware - trojan.fakealert/trojan.zbotr.gen

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 100.8

Hello,

My computer appears to have been infected by the Antivirus Pro 2010 virus a few weeks ago; suddenly Mozilla was hijacked, redirected to another site (see below). Suddenly numerous fake antivirus screens suggesting I had a virus. At the time of infection, I was using McAfee Total Protection Service as well as an older version of MBAM (not runtime version).

Steps I followed:
1. Killed "ave.exe" process and manually deleted all instances in the file system (application data folder) and registry.
3. Created and ran fix.reg, which allowed me to download and execute other programs, which I was unable to do up to that point.
4. Ran SDFIX.exe which didn't report anything.

At some point, I then rebooted and the issue occurred again. Updated and ran MBAM and it showed Trojans in the log file, which I then quarantined.

I then downloaded and ran Stopzilla, which then quarantined and deleted ave.exe. I ran MBAM after that, and it came back completely clean. Also, since Yahoo! wasn't showing up correctly in the browser, I reinstalled the Java runtime environment, assuming it got screwed up somehow. At that point I turned off my PC for the night.

Upon reboot later the next day, Stopzilla showed AVE.exe was there again. I continue to have browser hijacks and sometimes my laptop hangs if the hijack occurs when I am out of the office. If I close the hijack right away, there are no outward signs of issues. Every so often McAfee will report it has deleted certain viruses, as below.... Read more

A:Infected with Antivirus Pro 2010: Trojan.FakeAlert.Gen, Trojan.Fraudpack

hi mshadle,

You could try this exactly as it is stated, but it might not do any long term good since you might have additional problems.

This part of Bleeping Computer usually doesn't look at logs, but based on what you posted, it looks like you might have rootkit. I recommend you follow this guide which will allow you to get help from the malware experts that can assist you in these types of advanced repairs. Good luck and let me know if you have any questions.

RELEVANCY SCORE 100.8

Hello,

My computer appears to have been infected by the Antivirus Pro 2010 virus a few weeks ago; suddenly Mozilla was hijacked, redirected to another site (see below). Suddenly numerous fake antivirus screens suggesting I had a virus. At the time of infection, I was using McAfee Total Protection Service as well as an older version of MBAM (not runtime version).

Steps I followed:
1. Killed ave.exe process and manually deleted all instances in the file system (application data folder) and registry.
3. Created and ran fix.reg, which allowed me to download and execute other programs, which I was unable to do up to that point.
4. Ran SDFIX.exe which didn't report anything.

At some point, I then rebooted and the issue occurred again. Updated and ran MBAM and it showed Trojans in the log file, which I then quarantined.

I then downloaded and ran Stopzilla, which then quarantined and deleted ave.exe. I ran MBAM after that, and it came back completely clean. Also, since Yahoo! wasn't showing up correctly in the browser, I reinstalled the Java runtime environment, assuming it got screwed up somehow. At that point I turned off my PC for the night.

Upon reboot later the next day, Stopzilla showed AVE.exe was there again. I continue to have browser hijacks and sometimes my laptop hangs if the hijack occurs when I am out of the office. If I close the hijack right away, there are no outward signs of issues. Every so often McAfee will report it has deleted certain viruses, as below. But none... Read more

A:Infected with Antivirus Pro 2010: Trojan.FakeAlert.Gen, Trojan.Fraudpack

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 100.8

Hello,

I did some regular scans on my mother's computer and I found some viruses like Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo. In addition to these viruses my mother had her startup set to SELECTIVE startup!!!! I do not know why and it shouldn't have been that way. So I put it back to normal, and startup is ridiculous, and I was just wondering what can we do about getting rid of these viruses and cleaning up random junk from starting on startup.

Thank you in advance, you guys are awesome,

Steve

P.S. Should I post a HijackThis log, and if so how should I? Save to desktop and scan only?

A:Trojan Horse Downloader.Small.DHQ, Trojan.FakeAlert, and TrojanVundo

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

First, please do not post your HijackThis log here as they are NOT permitted in this area of the site.

Let's take a look with Malwarebytes.

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes

Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is ...

RELEVANCY SCORE 100.8

Am helping a friend out with their laptop. Machine performance has slowed to a crawl. Boot up is sometimes fine but other times stalls prior to showing the desktop (Win Vista) at which point the screen goes black with just the mouse pointer. This lasts 2-5m? Also, any program installation seems to make the machine seriously unresponsive.

Thanks!

A:Trojan.Fraudpack & Trojan.FakeAlert.Gen found by MalWare Bytes

UPDATE: Please disregard. The machine has been wiped since there was a backup of all important data. Thanks.

RELEVANCY SCORE 100.8

Quick background - My young teenage son clicked on pop-up for Duck Hunt. He told me after he clicked popup he got message that "something" was being installed but he couldn't stop it. And now I am infected with some kind of virus.

I ran full scan on my McAfee, rebooted when it told me to and ended with the log showing following infections on my computer:

DNSCharger.r (Trojan); Generic FakeAlert.k (Trojan); FakeAlert-SpywareGuard.gen.b (Trojan). Major location of them appear to be in c:\windowns\system32 - with different dll files. There is also message about unwanted program (log's words) SetupGamevance[1].exe in Temp Internet files\Content.IES
(I'm not sure if you need the actual path but if so I can enter them). I just can't seem to copy and paste the info or print the log out.

All are showing in the log as "cannot be removed" except for the Gamvance which shows as "cannot be repaired" and McAfee did not or cannot quarantine them.

I know that at least one of them is trying to redirect me on google search. This is what clued me in to what happened, when I was looking for a site and it tried to tell me it was at a different address from what I remembered. I'm not sure what the others will do.

Is there something I can do to get these off my computer? Can some one help me?

I am running Windows XP Home Edition Version 2002 Service Pack 3. I have an Emachine T3104. Not sure what other info I need to ent...

A:Infection - DNSCharger.r (Trojan), Generic FakeAlert.k (Trojan) and SetupGameVance.exe

Please download Malwarebytes Anti-Malware (v1.38) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will...

RELEVANCY SCORE 100.8

Hello,

my situation:

Dell 8100 desktop is infected by Trojan.Dropper/SVCHost-Fake, Trojan.Agent/Gen-FakeAlert as reported by SuperAntiSpyware. SAS scan exits after finding these two. Malwarebytes scan also exits shortly after start.

DDS: DDS.txt - see below. Attach.txt was not produced for some reason.

GMER started but exited right after clicking "Scan", so no report to show, unfortunately.

Thank you!
Lev.

A:Trojan.Dropper/SVCHost-Fake, Trojan.Agent/Gen-FakeAlert

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you hav...

RELEVANCY SCORE 99.6

I got infected this morning after downloading an email attachment. After I opened the zip file, a program called “Antivirus Security pro” was installed on my computer without my permission, and after the program was installed I couldn’t run or open any programs. My antivirus software “McAfee” didn’t detect viruses when I ran a scan before I opened the zip. After the software was installed, “McAfee” blocked any oncoming connections from various IP addresses that wanted to get into my computer. I finally managed to uninstall “Antivirus Security pro” from my “programs and features” in Windows 7 without any hassle.

I tried to run “McAfee” after that to see if it could pick up any viruses on my computer, but it found nothing. Because I wasn’t very sure, I downloaded Malwarebytes, ran the software, and found two Trojans on my computer, which I removed this morning.

Now this evening I have run another scan with “Malwarebytes” and found another four “Trojans”: three of them are called “Trojan.FakeAlert.RRE” and one of them is called “Trojan.Inject.RRE”.

The reason I am posting this is because I want to make sure that my computer is completely clean of any malware or anything that can damage my computer, or of someone trying to hack my computer or steal anything.
I’ll appreciate some help, thanks.
 
Sorry for my English

A:I got infected this morning with a Trojan.FakeAlert.RRE and Trojan.Inject.RRE

Please run the following tools and post the logs of each scan to your next post so that we can see what has been found
 
Rkill
http://www.bleepingcomputer.com/download/rkill/dl/10/
 
Superantispyware
http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
 
adwcleaner
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
 
Junkware removal tool
http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
 
If you have any questions about any of the programs then please feel free to ask

RELEVANCY SCORE 99.6

Hi,

Yesterday I got virus warnings from AVG and Windows Defender. After running them, and Malwarebytes Anti-Malware, and ComboFix, I think I have cleaned them off. But I want to make sure. I would greatly appreciate any help and will make a donation if we can make sure I'm all clean.

The initial warning was for Trojan.Fakealert. Since then I have had detections of:
Trojan.Fakealert
Trojan.Agent
Trojan.Hanam
Adware.Minibug
Malware.Trace
Trojan.SHeur2.ANWV

Yesterday with repeated Malwarebytes scans in safe mode, and with ComboFix, I was able to get the system responsive again. Since then I have had detections of a trojan in a System Restore point (which I deleted) and in the Recycler (which I emptied).

Once again, some help reviewing logs to make sure I cleaned it off would be most appreciated!! My DDS logs are attached. I will check back frequently and provide any other info if needed.


A:Trojan.Fakealert and Trojan.Agent infection, hopefully almost cleaned

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 99.6

Hi, hoping I can get some help from the users here.. I'm having some trojans I can't get rid of.. it's causing redirects within the internet browser (FireFox and IE7).. also causes IE7 to have a fatal error and close.. I've used malwarebytes, spyware doctor, and McAfee Anti Virus.. all of these scanners do find things and they are always a little different.. they delete them but the trojans just keep coming back.. I have also tried running the scanners in safe mode and that has not helped.. here is a HijackThis log.

A:Trojan.Agent, Trojan.FakeAlert, Worm.Autorun

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...

RELEVANCY SCORE 99.6

I got infected this morning after downloading an email attachment. After I opened the zip file, a program called “Antivirus Security pro” was installed on my computer without my permission, and after the program was installed I couldn’t run or open any programs. My antivirus software “McAfee” didn’t detect viruses when I ran a scan before I opened the zip. After the software was installed, “McAfee” blocked any oncoming connections from various IP addresses that wanted to get into my computer. I finally managed to uninstall “Antivirus Security pro” from my “programs and features” in Windows 7 without any hassle.

I tried to run “McAfee” after that to see if it could pick up any viruses on my computer, but it found nothing. Because I wasn’t very sure, I downloaded Malwarebytes, ran the software, and found two Trojans on my computer, which I removed this morning.

Now this evening I have run another scan with “Malwarebytes” and found another four “Trojans”: three of them are called “Trojan.FakeAlert.RRE” and one of them is called “Trojan.Inject.RRE”.

The reason I am posting this is because I want to make sure that my computer is completely clean of any malware or anything that can damage my computer, or of someone trying to hack my computer or steal anything.
 
I’ll appreciate some help, thanks.
 
Sorry about my English

A:I got infected this morning with a Trojan.FakeAlert.RRE and Trojan.Inject.RRE

Hello amagan

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ...

RELEVANCY SCORE 99.6

I am the computer tech for a small private high school. I recently received a laptop back from one of the teachers. When I asked what the problem was, I was informed that she could not see any of the desktop icons or any of the files on the C: drive.

This system is an HP Compaq 6710b laptop with a Core 2 Duo processor 1.8Ghz with 1GB RAM. It is running Windows XP Pro SP3.

I pulled the hard drive and scanned it externally using MalwareBytes. It found Trojan.FakeAlert (5 occurrences), Rogue.FakeHDD (5 occurrences), and Trojan.Hiloti.Gen (1 occurrence). I put the hard drive back in the system, scanned it again and found no occurrences of the viruses.

I then ran unhide on the system to be able to see the files and desktop icons again. Ran with no problem. I then checked through the system and found *many* dlls in the Windows directory that concerned me. In searching through other malware posts, it became evident that there were other steps that should be taken. From several of the posts, it appeared that OTL would give some additional information. Therefore, I ran that but was unable to decipher exactly what it was telling me (see attached OTL logs).

Have followed the preparation steps for submitting a new malware topic, i.e.,
- Ran Defogger
- Ran GMER (see attached log)
- Ran DDS (see included and attached logs).

The biggest question, obviously, is does it look like this laptop is clean or is there more to be done? .....

Thanks in advance for all your help!...

A:Rogue.FakeHDD, Trojan.FakeAlert, and Trojan.Hiloti.Gen

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\C...

RELEVANCY SCORE 99.6

I have run ZoneAlarm suite (free edition), Ad-Aware 2008, Spybot Search and Destroy, SUPERAntiSpyware, Kaspersky online scanner, ESET online scanner.

Here is my latest HJTHIS Log.


A:Trojan.SmitFraud Rouge.AntiSpyCheck Trojan.FakeAlert etc.

RELEVANCY SCORE 99.6

I am trying to clean up a neighbor's computer and have had no luck. I'm going to provide as much information as I can remember on what I've done (even if it's too much info).

When I first loaded windows in normal mode, the desktop had no icons, no taskbar; just the background. The only thing I could bring up was the task manager. I booted into safe mode and started loading programs to try and get rid of the malware. I tried: AVG 8.0, Malwarebyte's Anti-Malware, SuperAntiSpyware, SDFix. All of these seemed to get rid of some of the trojans, but the computer was never clean.

I was eventually able to load windows in normal mode and get the taskbar. In this state, the computer was very slow to respond. I was able to run MBAM in normal mode and it detected new threats but when I tried to remove them, the computer sat idle (the status bar in MBAM to quarantine the threats never moved). Also, when in normal mode, when I clicked on 'my computer' from the start menu, I would get the "windows cannnot find '(null)'" error message.

I tried to update java runtime environment. I was able to delete the old JRE but I was never able to reload the update (the name of the exe is: jre-6u11-windows-i586-p.exe). I was given an error saying the admin had set policies to prevent the installation.

After looking through the bleeping computer forums, I saw that trojans can be in the system restore, so I flushed system restore. I downloaded combofix and started to run it, but I saw a ...

A:Trojan.BHO, Trojan.Vundo, Trojan.FakeAlert, ...

Hello Vitagum and welcome to BleepingComputer,

1.
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.
Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:...

RELEVANCY SCORE 98

I first want to apologize for posting this in the wrong section. Sorry about that.

I have been working on trying to get a PC cleaned of a Trojan problem that was picked up from streaming old time radio website.

This is a Windows XP Dell Latitude D400 laptop

I have tried SUPERantiSpyware, Windows Defender, Avast, Malwarebytes and Drweb-cureit, all in SafeMode no networking and in regular start up mode. I have turned off AntiSpyware and firewalls and tried a second time to remove the Trojan files but it still shows that there is an infection even after reboot to Normal windows. I hope someone can give me a bit of guidance on what next to try.

A:Difficulties with Trojan.FakeAlert and Trojan.Agent

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 98

I'm posting this on behalf of a friend.

Prior to this friend contacting me, she had a friend from school help her with her "computer issues". From what she tells me this friend executed an MBAM scan as well as 2 ComboFix scans. The first CF scan crashed her computer apparently. (I told her that this was very risky, but the friend that did it didn't know any better). I did, however, confirm that the ComboFix.exe that was used was obtained from bleepingcomputer.com

The MBAM log shows that her computer was infected with a Trojan.FakeAlert (Sysvxd.exe) and a Trojan.Downloader found in C:\WINDOWS\system32\drivers\svchost.exe

The ComboFix log also shows the following deletions:

c:\documents and settings\Lins\Application Data\inst.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\ssprs.dll
c:\windows\unins000.dat
c:\windows\unins000.exe

Attacht.txt and ark.txt have been attached to this post. If you would like to see the MBAM log as well as the ComboFix log, please let me know and I will gladly post them.

Below is the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Lins at 14:09:55.57 on Sun 01/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.281 [GMT -5:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C... Read more

A:Infected with Trojan.Downloader and Trojan.FakeAlert

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs, as this process may crash your computer.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Double click on Gmer to run it.
Allow the gmer.sys driver to load if asked.
You may see a rootkit warning window. If you do, click No.
Untick the following boxes on the right side of the Gmer sc... Read more

RELEVANCY SCORE 98

Hi,

I had a previous Max++ infection and worked with Random Random to get resolved [see embedded link: http://www.bleepingcomputer.com/forums/topic253441-60.html ] Then on January 2010 I had a similar re-occurrence on 1-22. Luckily mbam.exe was able to remove 4 Trojans in safe mode, however all my icons for all Word files/and documents, as well the Adobe icons have been stripped from all my documents and I have not been able to get them back. Now my Java Auto Updater will not update. Last successful update was 1/17/2010. When the update tries to update I get "Error 1714 Older version of Java 6 update 20 cannot be removed contact tech support. - when I go to the Add/Remove programs in Control panel and try to remove Java 6 update 18 - error message is "file is corrupt". Then I try to remove Java 5 update 6 and I receive a message "please Uninstall thru Add/Remove program Utility 5.0 Update 6 Add/Remove Fatal Error" - I then ran 'regedit' and removed "jre1.6.0_11-c.msi" tried to re-install Java but no luck. Please help me - since apparently the last rootkit infection came thru backdoor left open from outdated Java security.

Thanks

EDIT: Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP

Title was: GMER & DDS Logs will not Upload Trojan.Dropper and Trojan.FakeAlert.N, Trojan possible re-infection from Rootkit affecting Java Updater, Do Not Know How to Remove - Upload failed. The file was larger than t ~ OB

Hi, GMER & DDS Logs wil... Read more

A:Re-Infected w/Trojan.Dropper and Trojan.FakeAlert.N

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 97.6

Hi,

My XP machine (SP3) was infected last night with malware around 11:30pm (TDSS Rootkit /Zlob) - I didn't figure out what it was until many hours later after many scans and much profanity (4am). Early symptoms: - cd/dvd burner disabled, - symantec corporate AV 11 active protection turned off - can't turn back on, - google results in firefox are redirected to strange search sites, - trying to run on regular boot my system taskbar freezes, can't open folders, - currently running in safe mode.

First attempts at repair: Cleaned temp/reg files with: ccleaner and spybot s&d - found reg entries for Smitfraud-C & BraveSentry. Ran SmitfraudFix - no improvement.

AV Scans: ran stinger1001624 AV - it found nothing, finally got symantec11 to run full scan in safemode - it found nothing

Malware Scans: Downloaded and ran MBAM- found a few things including TDSS loaded in hidden memory module. it asked to reboot in order to clean - on shutdown got BSOD stop error (something about bad hardware config) rebooted to safemode. Installed trial copy of Spyhunter to see what scan found: 1 instance of VirtuMonde in c:\i386\kb929969.exe -- 120 instances of ZLOB.Trojan in HKLM\Software\Microsoft\Windows\Current Version\Internet Settings\Zone Map\EscDomains -- and Backdoor.TDSS in memory \\?\Globalroot\systemroot\system32\gasfykjenempep.dll. -- ran trial version of unhackme found TDSS in same spot named 'gasfkyoiolholr.... Read more

A:Infected with Backdoor.TDSS Rootkit, Zlob.Trojan & possibly VirtuMonde

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 97.2

Every few minutes I get a message from Norton Auto Block telling me a threat has been detected and blocked. It is always one of the viruses listed in the topic title. I have a Toshiba Satellite Laptop operating Windows Vista 32 bit with Service Pack 2. I use Norton 360, and also have NPE. I followed all of your steps in preparing my system for removal. However, I was unable to run Gmer.exe all the way through completion. It would start and then freeze and close before it completed the scan. It even did this from safe mode. Since having these viruses detected, I have also experienced problems with my computer freezing up and the open windows not responding. My mouse will move but will not interact with any icons, nor will task manager open from Cntrl+Alt+Del leaving me with the only option of a hard restart. Sometimes when it comes back it is fine, sometimes the problem occurs again within a few minutes.

Below is the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jenny at 0:01:54 on 2012-07-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1895 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\... Read more

A:Trojan.Gen, Trojan.Gen.2, Trojan.zeroaccess.b, Backdoor.Trojan

Hello JenPoohBear and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, pl... Read more

RELEVANCY SCORE 96.8

WOW! I need help badly! I can't get rid of these nasties!!
I tried to post this a couple of minutes ago, but I'm a senior and not too familiar with forums. If this was just posted, please forgive me for the duplication.

ComboScan v20070221.16 run by Jim on 2007-02-23 at 07:57:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jim.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:57:42 AM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
... Read more

A:Can't eliminate nasties! Trojan'VUNDO';Trojan'DOWNLOADER.ZLOB.FC;Worm'W32.SPYBOT';++

Hello scroller and welcome to TSF,

You posted this just fine.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Let's go after the main, active infection first, then we'll take care of the rest in the next round.

Please download and save VundoFix to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to your forum thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


--------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool. Select opt... Read more

RELEVANCY SCORE 96.8

I don't know what is wrong, maybe they tie together, but I need some help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01, on 2007-11-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\crusty.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\M... Read more

A:infected by zlob.trojan and trojan.downloader.contravirus and security toolbar 7.2

hi, welcome to TSG.
Please download
SmitfraudFix
(by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.


NOTE: If you have downloaded ComboFix previously please delete that
version and download it again!

Download ComboFix from
Here
or
Here
to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just
before Windows starts to load. If done right a Windows Advanced Options menu
will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a
HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's
running. That may cause it to stall.

Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
* Once the setup is complete you will need to run AVG and update the definition
files.
* On the main screen select the icon "Update" then select the "Update now"
link.
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the
screen, then select the "Settings" tab.
* Once in the Settings screen click on &... Read more
