
Generic Downloaders & Trojan Aftermath

Q: Generic Downloaders & Trojan Aftermath

Hey guys, listen, I've been a long time fan of this site and what you guys do. You guys are a great help and have helped me greatly in the past, even though this is a new account.

So once again I need your wisdom.

My sister recently downloaded a game from the internet, and I'm sure by doing this, she also downloaded a trojan that came with it.

As I was logging in to my admin account on WinXP Pro SP2, I was greeted by my normal start-up applications and then out of nowhere the command prompt boots up...then a German application pops up (minimized) on my desktop bar...next thing I know McAfee (my anti-virus program) pops up asking if I want to grant the program "Project 1" access to the internet. That's an obvious no. Well McAfee pops up two to three times more prompting the same thing, only with two other programs that I'm sure were viruses/generic downloaders.

So I do my standard clean-up...I run Ad-aware SE Pro, McAfee Anti-Virus '05, and McAfee Anti-spyware. Ad-Aware finished and everything it picked up, I deleted. McAfee anti-spyware finished and I deleted a whole bunch of spyware/adware...pretty standard. McAfee anti-virus pops up with 5 components all which it labeled as Trojans or Generic Downloaders. Each trojan, (I believe) was named "Dollar Revenue." McAfee asked me if I wanted to "Clean," "Quarantine," or "Delete" the Trojans. I tried all three options but McAfee was unable to do any of them. I figured I would have to re-start my computer and boot into Safe-mode to rid myself completely of viruses.

I did the exact same process only in Safe Mode, this time McAfee picked up 18 Trojans/Generic Downloaders...most of which were in the System Volume Restore folders...

Anyways...I had to leave for work so I deleted the viruses (it worked) then went off to work. 8 hours later, my parents tell me that when they logged on to their accounts, McAfee still popped up with the same "Do you want to grant access to 'Project 1'" message. So my parents did a virus scan and found 2 Trojans. They said they quarantined them.

So after all this happened I logged on the computer, and lo and behold McAfee doesn't come up and it seems like problem solved.

However, knowing better I felt I should still create a HJT log and have you guys work your magic and tell me the truth.

Hope this was thorough enough for you guys.

I think it may be important to tell you guys that there are 4 accounts on this computer. Two are "admins" and two are "limited." This log was made on an admin account.
Programs I used:
McAfee 2005 Security Suite
McAfee Anti-Virus Scanner
McAfee Anti-Spyware Protector
Ad-aware SE Professional
Registry Mechanic (no relation, but it does make Windows boot much faster)

Anyways, here's the log:


Logfile of HijackThis v1.99.1
Scan saved at 12:40:34 AM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\rcss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rhodeisland.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\Star Downloader\SDIEInt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue in Star Downloader - C:\Program Files\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - C:\Program Files\Star Downloader\leechie.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://google.com/
O14 - IERESET.INF: MS_START_PAGE_URL=http://google.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{D326E185-9817-43DA-A8FB-13AD345EE2D8}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\Aluria Security Center\ascserv.exe (file missing)
O23 - Service: asKernel - Unknown owner - C:\PROGRA~1\Aluria Security Center\asKernel.exe (file missing)
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)


A: Generic Downloaders & Trojan Aftermath

Bump.


Just wondering if anyone could help me with a few problems with lots of different things at the minute. First of all I ran a virus scan with McAfee last week sometime and every time it got to the directory C:\Documents and Settings\username\Complete it would find lots of files containing a virus, w32.generic.m; this means nothing to me. I left a scan running for 15 hours and it would still be scanning the same folder and finding the virus and deleting it, so I decided to check how many files were in the folder and what they were. There were about 24,000 files in the folder taking up about 3Gb of memory, so I checked what was in it and I found several files of about 198Kb in size and they were all .zip files, which was what my McAfee had been deleting. I deleted the folder, as a virus scan deleting these would have taken about a week.

A few days before doing the virus scan I installed Firefox as it is one of those highly rated things and I wondered what I was missing out on. When I installed it, for some sites it said I needed Flash Player to view the content. Pretty sure I already had it, I went ahead with the download anyway, came to the install and got a message halfway through:
Error opening for Writing:
C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
click to abort
retry
or ignore.
I chose ignore, then I got this message.

Error opening for Writing:
C:\WINDOWS\System32\Macromed\Flash\NPSWF32_flash_Util.exe
click to abort
retry
or ignore
so ignore once again and the ins...


Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bells that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ...

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.


Hi there! Thanks for taking the time to help me out.

Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w

I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the mcafee warnings), but it is making my computer run slower and me very worried.

I'm running Windows XP Pro.

Any help most appreciated.

I can post a hijack this log if that's of any use.

A:Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far


Getting pop ups. Virus software detects problems but cannot fix them.

AdAware detects "Purity Scan"

Spybot cannot fix:
Deskbar
Downloader.Tsupdate.L

Housecall froze while attempting to delete these problems:
TROJ_DLOADER.BSK
TROJ_Generic
ADW_Mediamotor.l
TROJ_LOWZONES.AK
ADWARE_BEGIN2SEARCH
ADWARE_SAFESURF
ADWARE_MEDIAMOTOR

Here is the Log from BitDefender:
C:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\A0000007.dll.bac_a03912=>(Quarantine-4) Infected with: Trojan.Downloader.YM
C:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\A0000007.dll.bac_a03912=>(Quarantine-4) Disinfection failed
C:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\A0000007.dll.bac_a03912=>(Quarantine-4) Deleted
C:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\ac3_0002.exe.bac_a03912 Suspected of: Trojan.Downloader.Small.BCB
C:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\ac3_0002.exe.bac_a03912 Disinfection failed
C:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\ac3_0002.exe.bac_a03912 Deleted
C:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\thiselt.exe.bac_a03912=>(Quarantine-4) Infected with: Trojan.Lowzones.CZ
C:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\thiselt.exe.bac_a03912=>...

A:3 Trojan.downloaders (ym,small.bcb,bkk) And Trojan.lowzones.cz

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Lol, for a little while I've been getting this Trojan Downloader alert coming from the AVG Anti-Virus folder. I've let it sit for a while, I've scanned and such, and I've tried to handle it myself by healing, sending it to the virus vault, etc, and trying to get it to go away just with having AVG handle it. It hasn't really worked, and I don't want to make the problem worse, so I've come to Tech Guy. :3

Here's the HiJackThis log.

MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi...

A:Trojan Downloaders. :3

Don't mean to be a bother, but the topic nearly disappeared. Just trying to get it back up, but I don't want to spam.
 


So I've started cleaning some trojan downloaders out and cleaned out some. Would much appreciate help in eliminating what seems to be remaining in part or full form. Things are much improved now, much less pop-ups, but the concern remains that there are still infections. Running for instance system doctor suggests I have a few items still going, not sure if I may clean these myself or it is worth buying that version to help. Much appreciation for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:25 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WI...

A:Trojan Downloaders And More!

Hello iwon,

Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


I don't know who to believe. I am running reg cure, webroot spysweeper, defender, McAfee, and windows malicious software removal tool. To start out I noticed my processor was running pretty high from its norm. I usually use foxfire to log into the net but also use IE for some apps. My IE was redirecting me to a site called mywebsearch.com. I could get on my home page. the is started to do it to foxfire too. Before I lost internet connectivity I downloaded all the programs stated above to run a virus scan. Defender picked up a trojandownloader called win32/small.gen.c, regcure picked up infected registry keys, McAfee would scan then go to blue screen, same with webroot, but it also picks up infected reg keys, shortcuts, etc. and microsoft picks up a trojan called winNT/Alureon.C.
It seems every day something else is missing on my computer. I can't run anything from my dvdplayer, process won't start, internet connection is lost, etc. What do I need to do? I can't even dump it and start over. My player won't run now.
I am using my backup computer right now, but it is limited to what it can do.

Almost forgot I am running vista ultimate and I do have Hijack This also.

A:trojan downloaders

I was really hoping for some answers to my questions!!!!!!!


Hey everyone, lately there has been a slowdown in my computer and a lot of bad processes.

A:Trojan downloaders?

In order to assist you effectively and identify the offending malware, we need more specific information. Please read Before you post about a problem, Some simple guidelines, then reply back here.

What OS (Win 2K, XPsp1, XPsp2, Vista) are you using?
What issues/symptoms of infection do you have?
What actions have you taken so far?


I'm having trouble with a whole bunch of trojan downloaders and I'm not sure on how to get rid of them.
Trojan-dropper.win32.agent.hl
Trojan-downloader.win32.qoologic.v
Trojan-downloader.win32.apropu.ae
Trojan-downloader.win32.agent.qg
Trojan-downloader.win32.qdown.z

Here is my hijack this log. I hope someone will be able to help me. I'm not familiar with trojans, so any help would be nice.

Logfile of HijackThis v1.99.0
Scan saved at 9:10:36 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\T3duZXIA\command.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\system32\w?nlogon.exe
C:\Program Files\Comm...

A:Trojan downloaders


Hi, I have been having issues recently with my Dell laptop. I believe that I opened a malicious file and that I downloaded several Trojans, as that is all my Avast! seems to find every time I start my computer. I don't know how to get rid of them myself and I really need my laptop back! Thanks in advance!

KASPERSKY ONLINE SCANNER REPORT
Saturday, April 19, 2008 8:34:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715149

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Kristine\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 19811
Number of viruses found 6
Number of infected objects 15
Number of suspicious objects 0
Duration of the scan process 00:24:24

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
...

A:Trojan Downloaders And More

Hello vidakriss,

Welcome to Bleeping Computer

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,
tea


Help pls!! I've picked up and can't get rid of several Trojan Downloaders:

Downloader.Dyfica.3Al
.Small.41.J
.lstbar.AP
.lstar.9D

Here's my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:01 PM, on 7/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sahagent.exe
C:\Program Files\180searchassistant\sais.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\Dwnld exe files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h...

A: Help!!! Trojan Downloaders

Uninstall the following from Add/Remove Programs:

180solutions
PowerScan
SurfAccuracy
YourSiteBar
--------------------------------------------------------------------------
Download: Micro$oft Anti Spyware BETA:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

First in the top menu click File then Check for updates to download the definitions updates.

After updating look in the right side of the main window under "Run Quick Scan Now".
Click Spyware scan options.
In that window put a tick by Run a full system scan.
Then put a check by all three options below that then click Run Scan now.

When the scan is finished, let it fix anything that it finds
(Have it quarantine the items that have that option rather than delete just in case.)
It is a BETA program and there may be false positives.

Reboot.
--------------------------------------------------------------------------
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup,...


Introduction and a little background on the problem:

Hello! I am a new member (thank you, thank you) who is prone to having bad things happen to good computers. Ok ... here it is. I have removed viruses and spyware manually a couple of years ago, but nothing recently. This is not my own computer (but ironically, it is one I am using while my computer is getting fixed).

The other night I was looking at one of those sites for myspace greeting icons. A bunch of windows popped up and as I tried to keep up and X out of each one as the computer's speed would allow, something installed automatically. There was an instruction in the details of the program that indicated that if the program was unwanted, I could go to the website and uninstall it. STUPID, I know .... but I did.

I tried to run an anti-virus scan on the computer as this computer apparently has Norton / Symantec; however upon closer inspection, there were no executable files in the Norton folder. I could not get the computer to scan. So ... I went out and bought a cheap $20 Defender Pro 5-in-1 product from a store and ran a scan.

It detected Spyware AND viruses.

Seemingly I have "WinAntiSpyware" and can't get rid of it. I tried going to the Symantec website and it gave me instructions to remove the 2006 version. I have the 2007 version. None of the keys in the registry matched up with what the website said to remove.

It detected the following trojans:

1- Trojan-downloader.java.openconnection....

Hello. I've recently had a large problem with what I think were Trojan downloaders amongst other things. I've followed several of the suggestions on this site and no longer "seem" to have a problem. Previous problems included pop-ups and my Firefox browser trying to connect to a random site. Every time I ran a virus scan it kept coming up with new viruses. However, I think that they may be gone, but I am unsure and could use any help you have to offer. Thanks in advance.

I'm not sure what I am doing, but here is my HJT log:

(Moderator edit: log post moved to HJT log Forum for team analysis and member assistance. Enthusiast)

Logfile of HijackThis v1.99.1
Scan saved at 4:30:33 PM, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1&...

A: Am I Clean? (trojan Downloaders Etc)

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.


Here's the Log of my PC (it runs Vista). It wasn't directly infected, but I think a virus may have piggybacked off the infected Tablet on a USB drive I used.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:49 PM, on 6/16/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Mozy\mozystat.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows S...

A: Infected By Trojan Downloaders on PC

Hi ,

Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed. And please describe why you think you might be infected and any symptoms you may have.


need help to remove the following

Trojan Horse Downloader.GENERIC4.TBL
Trojan Horse Downloader.Zlob.KYW
Trojan Horse Downloader.Zlob.KYV
Trojan Horse Downloader.Zlob.KYS

and more similar
Am using AVG free edition and AdAware se

They do find them and Quarantine them but more keep appearing
please help !!!!!
 

A: trojan horse downloaders


I seem to have gotten new threats of win32 trojans on my anti virus software. I have run superantispyware, but it did not detect any threats. I am running Windows Pro SP2. Here is my HijackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:40 AM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Apple\Mobile Device...

A: More Win32 Trojan Downloaders


This is the log created by hijack this, this is also my work computer so I'd like to avoid trouble and get it resolved quickly...I have installed AVG anti-virus and ZoneAlarm firewall and I have run AdawareSE and Spybot Search and Destroy.....Please help me.....

Thank you
Nichol

Logfile of HijackThis v1.99.1
Scan saved at 9:20:44 AM, on 06/21/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\csasvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SOUND...

A: Trojan Downloaders And Worms

Welcome aboard, let's get started

Download Combofix to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
==
Then after that, do the following scan and post the results:
Please download Dr.Web CureIt to the desktop:
Double-click the drweb-cureit.exe file and allow to run the Express scan.
This will scan the files currently running in memory and when something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be mo...


My laptop is running a lot slower than before. Kaspersky Internet Security 7.0 detects lots of malware, mostly trojan-downloaders and other spyware. I choose to delete them, but when I reboot, the same viruses pop up. Also, new viruses pop up too. I've tried using CounterSpy, KIS 8.0, ESET Nod32, but none of them could remove the malware. Please reply. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:23 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\In...

Hey can someone plz help me. I have a zolob trojan downloader and it keeps giving me nvctrl.exe and mssearchnet.exe and other things. I will run the smitrem and everything in windows safe mode. It also occasionally gives me spy falcon, and I will go through the deleting process in windows safe mode and it will be gone for a few minutes, but then later it comes right back. It shows up on my microsoft spyware remover as spyaxe and trojan downloader. I will remove it but it does no good. I also use ewido to clean them; still no good, it goes crazy on ewido. I AM AT WITS' END WITH THIS CRAP.

A: Zolob Trojan Downloaders

You could try A², a Trojan hunter. Just recommended it a few posts above. Free download.


I had been getting various error messages when using windows explorer. I also get an error message when trying to use internet explorer. And subsequently can't use internet explorer. The error message looks something like this.

Runtime Error
Program: C:\\ProgramFiles\InternetExplorer\IExplorer.exe
The application has requested the runtime to terminate it in an unusual way. Please contact the applications support team for more information.

A while later the Mcafee software that I had been using detected a virtumonde virus, but it wasn't able to delete it. I have since uninstalled Mcafee and installed the AVG Free edition. I have used the Vundo Fix and the VirtumondeBegone, they removed quite a lot of things in my computer, but I don't think that they got all of it out. So far, after all of this, I have run the AVG Free antivirus, Spybot, ad-Adware SE, Super AntiSpyware, Ccleaner, BitDefender, Counterspy, and I installed a Zone Alarm Firewall. All of these programs seemed to find and fix different problems. After all of this, I'm not getting the error message from using windows explorer, but I'm still getting the error message when trying to use internet explorer. The AVG antivirus has been continuously finding viruses in my system restore.

Here is a recent log from HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 4:56:55 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\S...

A: Virtumonde/trojan Downloaders

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Hello, I am an employee at a dental office. One of the receptionist's computer is experiencing Trojan softwares and frequent freezing problems. The computer uses Windows XP Professional and Internet Explorer as its browser. The computer is used for dental office softwares and for researching insurance details on the Internet.

When the computer starts, after the login screen, the following error windows appear.

Malwarebytes' Anti-Malware is already installed on the computer. However, it would not start up despite multiple attempts.

The free version of Spyware Doctor is installed after the appearance of the freezing problems, and found the following spywares.

Internet Explorer is also experiencing problems. Not only Google searches are slow, but also clicking on links opens a window either linking to advertisements or to a blank page with this message,

Welcome to the MIVA DLL. Please enjoy your stay.
Initialization errors: 0

with an URL similar to this

http://204.137.28.195/bin/findwhat.dll?clickthroughy=52593x=1ZEJg6mkAsVK1apaET9Z54VbiTxZb7FmACEgEgsln2VXTCEnl47iICFmylE:5Tqv96IyQgSmsayKe4ZyylZSpaEYDtI0EN9LNiaIEJE4TNxqTCITslLLM2IQ5Hr;ABsIeTZdTtPA5aZrLarGDgIYt7bspcP2AlxqQCaguct0b4LwbcFFyJIzbufG3

The computer also freezes, and the freezing happens randomly. Sometimes Internet Explorer is running, while sometimes no programs are running at all.

The computer is vital to continuing providing quality service to our patients. We appreciate any help Beeping Computer and its staff and m...

A: Freezing with Trojan-Downloaders

The computer also can not create a restore point. It asks for a restart. However, it still does not work after restarts.

Also, the computer frequently freezes before showing the login screen. The computer must be restarted manually.

We value any help available. Thank you!


This is the tablet I mentioned in my earlier post. It got infected by which then proceeded to download a bunch of others. This tablet is running XP.

Logfile of HijackThis v1.99.1
Scan saved at 10:42:21 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ccmsetup\ccmsetup.exe
C:\WINDOWS\system32\Dashsvc.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Window...

A: Infected By Trojan Downloaders on Tablet

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access.

From your log it appears that you are missing one important program: an antivirus. This is somewhat suicidal in today's digital world. Without one you are at a high-risk of reinfection; while I can try to sort your problem out, if you have no protection, the infections will keep resurfacing. Here are some great free antivirus programs:
Antivir, Avast!, AVG, Bitdefender Free
Install one of these, then run a full scan, letting it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups; which may be needed if we fix something we're not meant to.

If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.

How to make a permanent folder:
Click Start | My Computer | Local Disk (C: ) | Program Files.
In the menu bar at the top, go to File | New | ...


Currently infected with some sort of Trojan that slows me down and keeps pushing all kinds of ads onto my computer anytime I go online. Any help would be greatly appreciated. Thanks in Advance!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-12 15:16:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 24 GB (64%) free of 38 GB
Total RAM: 766 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:18 PM, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Fi...

A: Infected with Trojan Horse Downloaders

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable a...


I recently acquired a virus/trojan that started by dropping my firewall. I'm not entirely certain where I picked it up, but believe it was an application on Facebook.

Either way, it has blocked my access to the registry, and constantly opens new tabs / hidden buttons on my laptop. Many of the new tabs are from http://sagipsul.com/go/?cmp=vm_mg_juan&uid=A7BE4696DE8B11DD8B7C166350CFFFFF&lid[...]&cl=superjuan The information in [...] varies dramatically and is lengthy, but the detail listed is the same from popup to popup.

First, I used AVG Free to scan. It found and removed several files and threats, but not the virus. I then used System Mechanic 4, which shows multiple registry errors. However, it will not fix them as "Registry editing has been disabled by your administrator". I have tried to run regedit, but get the same error message.

Can you help? This is the computer I use for work and my online business. It is critical (to me) to get it fixed.

Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:26 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C...

A: Crypt Virus and Trojan Downloaders

Although I didn't really want to resort to a complete reinstall, it was urgent to resolve the problem.

For everyone who looked at my post, thank you.
 


I recently scanned my PC with Norton AntiVirus, and I have multiple threats;
most of which include Downloaders and Trojans. It could not get rid of them as repair and delete failed.
AdAware was also no help.

I am running Windows XP and most of the threats are coming from temporary internet files, but the folder is not there.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:33, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
H:\Program Files\Razer\Habu\razerhid.exe
H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
H:\Program Files\Java\jre1.6.0_02...

A: Downloaders & Trojan Horse (Text[1].dat)


This is a business computer on a network- so far it's the only client infected. Several hours of work have apparently removed many infections, only to have some reappear from these infections which I can't seem to lick.

I have run Adaware (from Lavasoft), Spybot Search and destroy, Trendmicro's free online scanner, and have since installed AVG anti-virus. Hijack this fails to run generating an error, many websites (including this one) are blocked on the affected client- I have to correspond from another client.

Here are my Kaspersky log, followed by my DSS logs.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, July 21, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 21, 2008 18:17:33
Records in database: 981279
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Program Files
C:\WINNT

Scan statistics:
Files scanned: 11383
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 00:36:31

File name / Threat name / Threa...

A: 2 Trojan Downloaders, Virtumonde, And Possibly More

Hello Justme- and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed...


Hi...started using this new Anti-Virus tool...AVG. When it ran, says I have 2 infected files, "Trojan Horse Downloaders .Keenval.K" Both from the same game site, both games on my desktop...offline play them all the time...from Game Rival, Skyblocks, Goldmine. AVG directed me to "move to the Virus Vault", quarantine I suppose. When I went to do this, have this error message in AVG that says they both cannot be removed! And no action is taken, still sitting on my hard drive. Norton, nor any other spyware, adware stuff I have going found these, have had the games on my system for about 2 years, if not more now.
My question is: what do I do with these files now? Do I go to Game Rival with this? AVG has no customer support, is a free program, just was trying something new. Now am worried I have these virus-in-waitings.
Wanted to post a "hijack this" log..but for some reason I cannot find the site it is in...even after searching in here...if someone could pass that info along to me..will be appreciated! Thanks for your help with this...really is appreciated...Leeann/parrotplay
 

RELEVANCY SCORE 54.4

Hey guys --

I have a computer that was infected so I did the necessary things to clean it out, or so I thought. I use TrendMicro's OfficeScan on the computer. After cleaning, it did not find any threats, but the next day the threats started at around the same time (noon). It seemed like a downloader since it pulled 20 threats in under a couple of minutes and stopped once I pulled the network cable out. The first day I had a process named 17PHolmes572.exe which had multiple instances in task manager. Cleared those and the next day it became something like b133.exe.bin. And today I noticed a process mrofinu572.exe which I looked up and it said that it was malware. The types of viruses found by OfficeScan are TROJ_VUNDO.BIN, TROJ_PURITY.AD, TROJ_DLOADER.AER, TROJ_RENOS.FV, TROJ_Generic.A, TROJ_ZEROML.BJR, TROJ_DROPPER.AIO, TROJ_DLOADER.HBK, TROJ_AGENT.HGN (multiple instances of each). Also ran Ad-Aware which cleaned registry infections and possible browser hijacks. I've cleaned with Ad-Aware, scanned with OfficeScan, cleared temp files and folders and also the ones under Content.IE5 path. A few of the files wouldn't delete under this path so I ended the explorer process and deleted them through the command prompt. This seemed to get rid of them. Here's the posting of my HiJackThis log from today. All help is much appreciated. The process C:\WINDOWS\TEMP\XV7FB1.EXE is what OfficeScan uses to redirect an intruder. Something to do with OfcDog.
Logfile of Trend Micro ... Read more

RELEVANCY SCORE 54.4

I recently scanned my computer with superantispyware and it cleaned up a few things. I thought I had scanned with AVG earlier but I don't think I had as it started by itself this morning. I had to leave it - I saw it had found something 'bad' and have been trying to find out what it was now that it was all finished scanning. BUT I can just find records of viruses found in scans from a few months back which I didn't even know had been found.

Anyway, what I have are:
Trojan Horse Downloader.Zlob.MCQ

and

Trojan Horse Clicker.GMC

The clicker one is located in a programme I use a lot. I have had this trojan horse there before and when I 'fixed' it, it deleted the whole programme. Will I have to do this again??

I also posted on the malware thread with my HJT log, before I saw these trojan things. Why did superantispyware not pick these up? Are they really a problem?

Please help. Thanks.
 

A:are trojan horse downloaders and clickers bad? Please help.

sorry - i think I was looking at my virus vault.

The one it found today ('exploit') was also there.

should I empty my vault?
 

RELEVANCY SCORE 54.4

I have recently been hit with trojan horses and have read some other posts on this board and have tried some of the advice, but they still keep coming back.

I am getting AVG alerts informing me of following files:
trojan horse downloader.generic2.cxp
trojan horse downloader.generic2.ahr
trojan horse downloader.generic2.cvc
trojan horse dialer.btg
trojan horse dialer.btc

I have tried running CCleaner, AVG, Ewido, Smitfraudfix, but have not been successful.
I am willing to run through the steps again and any other tips or advice.

I have just installed and run HJT and included the log. I didn't fix anything via HJT yet.
I also have included my Panda log.

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 1:42:03 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PR... Read more

A:Trojan Horse downloaders and dialers

RELEVANCY SCORE 54

Hi TSG,

I urgently need help: currently both AVG and SUPERAntiSpyware are picking up traces of trojans, downloaders, and tracking/vundo adware. I've already tried using the VundoFix from googling a previous TSG thread, however even after rebooting, removal doesn't work. However, I'll post a fresh HiJack log as well as a SUPERAntiSpyware log, and start from the beginning. Any help would be greatly appreciated! Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:10 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "... Read more

RELEVANCY SCORE 54

OK, I just reformatted my Dell computer.

And I'm getting all pop ups and something downloaded automatically on my PC after 20 minutes... I uninstalled and deleted in folder by the name of it

Works fine but one thing now

( i got Avast4! btw just downloaded and installed )

most of the time when i click a link i search on google.com like
i search this website

Google.com > Tech Support Guys > then sometimes it goes to a different website then it should go to....

pop ups seem to under control

I blame norton

LOL I JUST GOT A LITTLE ERROR LOOK-A-LIKE POP UP SAYING

Get Free Viagra

.... please fix that lol

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:27:12 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\ju... Read more

A:Popups / Trojan / Virus / Downloaders / THIS IS MAJOR

RELEVANCY SCORE 54

My computer became infected with several types of things that do not seem to be completely deleted or cleaned by any of the various system scans I have done.

One common thing that my McAfee firewall is repeatedly detecting and removing is the Vundo trojan, which I assume is a result from a trojan downloader that is difficult to remove.

I'll still get random pop-ups when online and I usually get redirected from my homepage to a random ad site when using Internet Explorer.

Any help would be greatly appreciated, thank you.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:51 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program File... Read more

A:Infected With Virtumonde, Trojan Downloaders, And Adware/ad Pop Ups

Hi,

First of all.. I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then, I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player

Then,
* Download ComboFix from here. **Save it to your desktop**
In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your s... Read more

RELEVANCY SCORE 54

Hi,
I have huge problems on my PC.

I am getting explorer windows pop up automatically to sites like:

http://securityonpage.com/?gai=hamm...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

and

http://www.protectroom.com/?gai=ham...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

and

http://www.savetheinformation.com/v...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

Also I am getting balloons continually popping up with things like:
System Alert : Melware Threats
Security Alert: [email protected]
System Performance Monitor: Warning (summery system slowed 47%)
Security Alert: Spyware Found - WSA Trojan
Security Alert: Trojan-spyware win32.mx

and error messages like:
Security Warning: New Variant of [email protected] Trojan
Fatel Error! Unhandled Exception: Invalid Operation - Would you like to download latest version of antivirus software?

and these 2 icons keep appearing on my desktop, in my start menu and in my internet Favs. as soon as i link my Local Area Connection
they are : Online Security Guide
and Live Security Warning

It just won't stop. Every 10 seconds or so, something is popping up.

I see that there are a lot of other people with similar probs so I tried a few of the solutions and came up empty handed.

Here is a copy of my latest HJT report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31, on 2007-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDO... Read more

A:Solved: HELP!! Trojan, Downloaders, Worms & Possible Spyware

RELEVANCY SCORE 54

I went through and I scanned using spybot, norton, ad-aware, stinger, bit defender, and I got a lot of trojan horses and downloaders and some redirected hosts. But I'm not sure if I got everything.

This log is sort of old, nobody responded to my other post about this. (I think I needed a better title)

Logfile of HijackThis v1.99.1
Scan saved at 12:33:38 PM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) (i need to get ie 7)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files&... Read more

A:Trojan Horses, Redirected Websites, Downloaders

Welcome to the BleepingComputer HijackThis forum shinji1146

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)

Exit Hijackthis.

*******************************
Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.
*******************************
Please run this online virus scan: Activescan using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Com... Read more

RELEVANCY SCORE 54

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00... Read more

A:multiple trojan downloaders and spyware issues

another problem seems to be spamming - can't see desktop for small email boxes covering it 4 fold when net connection active!

need my pc for uni on monday - typical timing!

RELEVANCY SCORE 54

Got some sort of nastiness from a .Doc or .Pdf file a few days ago. AVG is calling them Win/32Cryptor, Trojan/Sheur.2, also have had other downloaders although I've got them gone for right now. Also system services seem to have been infected by something that usually has no name on the AVG readout, winlogin.exe, iexplore.exe, svchost.exe, lsass.exe, services.exe. Also have running in my task manager a 3448584324.exe. Note I am in Safe Mode right now. I am unable to get Malwarebytes Anti-Malware to run at all, no matter if I rename, change extension etc. Also My computer is locked in a dumbed down mode where I am unable to rename extensions, but I am still able to run cmd and rename thru the DOS prompt. Regardless, it hasn't worked. I'm calling in the big guns (IE you guys) now because nothing I've got will even run, nevermind work. Also, when initially infected I was unable to get anything to work, constantly would get iexplore.exe errors, saying Windows is shutting down this program, send message to Microsoft blah blah and would constantly cycle and appear to restart explorer. I was able to get those out for the most part with AVG in safe mode but in my past few days of trying to my fixes with redownloading and reinstalling AVG and MBAM it would occasionally come back and start doing the same iexplore crashing again and would require AVG runs again to remove, unfortunately to don't have those logs. Also have the browser redirect problems I've seen on here numerously where ... Read more

A:Win32/Cryptor, Trojan/Sheur.2, downloaders

After much frustration I went and followed another similar thread, used combofix, which removed a rootkit UACwxdunwmc.sys among other UAC files in windows system, which allowed me to get MBAM running, which allowed me to get superspyware going. So those logs are definitely too old to use. Latest MBAM from today shows nothing. Here are my last couple logs tho until it ran clean. Superspyware hasn't run clean yet, tho I haven't run it again after last MBAM, so here is that log. Currently running Kaspersky Online scan. I realize that some of these logs won't help and will need another one for assistance, just wanted to attempt to get interest and help since was unable to at first. Firefox is still running pretty crappily, memory hogging way more than I've seen before at about 136,000k and fluctuating wildly. Stuttering graphics are also noted. Haven't tried to play any games or had real time to sit down with it since clean to check other problems but my browser redirects are apparently gone as of right now. I will update this when the Kaspersky scan completes.

http://www.superantispyware.com

Generated 04/02/2009 at 03:08 AM

Application Version : 4.26.1000
Core Rules Database Version : 3824
Trace Rules Database Version: 1780
Scan type : Complete Scan
Total Scan Time : 00:58:17
Memory items scanned : 416
Memory threats detected : 0
Registry items scanned : 5947
Registry threats detected : 3
File items scanned : 28095
File threats detected : 7
Rogue.Component/Trace HK... Read more

RELEVANCY SCORE 53.2

When I looked into my AVG virus vault today I was concerned to see a series of trojan droppers and downloaders. There were 7 entries, and in order here's how they appeared:
trojan horse dropper.agent.CRO (twice)
trojan horse downloader.agent.INL (3 times)
trojan horse downloader.generic.3NPE (twice)
trojan horse backdoor.generic.2AJH
trojan horse dropper.agent.CRP

then when I ran Panda software these 2 viruses were found:
virus: trj/downloader.MSN
virus: trj/killav.FD (this one is located in the system32 file)

looking for more information on these is like wading through muck...
I have run the AVG, panda software, adware and hjt and here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 2:29:06 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2ev... Read more

A:Trojan horse droppers, downloaders and backdoor- they all appear in my system

I am still awaiting some direction please!
 

RELEVANCY SCORE 53.2

Every time it gets to deleting temp net files it just crashes. I tried reinstalling it several times but nothing. I'm getting bestantivirusseller pop ups. The log I got from the free computer scan said I have viruses and hacker equipment on my computer. This whole process has taken me HOURS to complete. My net explorer keeps freezing. I had to shut down my computer a few times manually. Once when it started up it froze with just my desktop picture for about 5 mins. It's like whatever's in my computer is trying to prevent me from doing this. I keep finding trojan horse downloader.generic4.ZQI in AVG....spysweeper is finding nothing but trace cookies. I'm not sure how anyone can help me without the dss log though.

A:DSS wont complete-viruses,trojan downloaders and popups

Hello hybritical and welcome,

Please run dss.exe again, but use these instructions:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

In the dialog box that appears:

Under the Main Log heading--Uncheck Temp Cleanup
Under the Extra Log heading-- 'Check' each box if they aren't already.

Click Scan!


When finished, it shall produce main.txt and extra.txt for you. Please include those in your next reply.

RELEVANCY SCORE 53.2

Hi my first post. When I turned on my pc this a.m. my desktop icons/start button were gone and there was a fake screen called a
"Control Center" in place instead. My desktop background was there.
I went into task manager to get online and I ran AVG. I had two Trojan
downloaders. One is called Generic 9.AFFW and the other Zlob.AQOR.
AVG put these in the virus vault. I am pretty sure all this came from
downloading some music last evening. In seven years I have only had
one other trojan that I know of.

I can search around the internet and at first I was being redirected to
weird sites, like maybe two sites, and then the one I actually wanted.
Now that is not happening anymore. The worst problem is the fake
"Control Center" which happens after I sign in. The desktop icons are missing and so is the start button. I cannot get online except with
Task Mgr. I have also tried to download SDFix and while extracting the
files in the middle of that I get a message saying C:\SDFix\apps\installed.txt "access denied."

This is quite frustrating and I have been trying to find ways to fix this
for 3-4 hours to no avail. Any help would be very much appreciated
and I am glad I found this site. Thanks in advance - irisheyesrshinin
 

RELEVANCY SCORE 53.2

Hey guys my problems started two days ago when I logged into Paypal. I downloaded a new program to make online debit card purchases called Paypal Plugin and I got an Active X message asking, do I trust the publisher, Paypal INC? I clicked yes and ran the installation. As soon as I ran the install my virus software warned me of a Trojan Dropper and a downloader. Immediately I began receiving pop ups including one which said Paypal Plugin was successfully installed. My computer crashed due to the amount of uncontrollable popups. Once I got the system back up and running Paypal plugin never installed on the computer and I am left with an almost useless computer. I called Paypal and got the runaround telling me just to turn on my popup blocker and I would be set, LOL.

I have followed the instruction to the "T" on posting a Hijack This log and I hope someone can help. It has taken roughly 30mins just to post this message so I have a feeling I have several issues going on. I am going to post the Hijack This log and a Combo fix Log below. I will be looking forward to any assistance.

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:41 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\... Read more

A:Downloaders, Trojan Droppers, Mrofinu72, Spyware.cyberlog-x, And Many More

bigjeepzz1. Open NotePad (not wordpad). Copy and paste the following into Notepad (Not the word code)

File::
C:\WINDOWS\SYSTEM32\faupwkxa.dllbox
C:\WINDOWS\SYSTEM32\mlmmsbgk.dll
C:\WINDOWS\SYSTEM32\kgbsmmlm.ini
C:\WINDOWS\SYSTEM32\hulbmlxj.dll
C:\WINDOWS\SYSTEM32\faupwkxa.dll
C:\WINDOWS\SYSTEM32\pgmklocg.exe
C:\WINDOWS\SYSTEM32\nhamfmih.dll
C:\WINDOWS\SYSTEM32\jkkijig.dll
C:\WINDOWS\SYSTEM32\winpows.exe

Folder::
C:\Program Files\QdrModule
C:\Program Files\QdrDrive

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}&... Read more

RELEVANCY SCORE 53.2

Hello everyone, my name is Tracy. I am a teacher, as well as a student. I am a bit of a newb when it comes to computers though, and am really hoping someone can help me. I desperately need my computer this weekend to work on several papers for college. My computer was running very fast for the longest time, then the other day Microsoft security essentials picked up several problems, I listed all the description Microsoft essentials gave me after cleaning my computer. After that happened now when I turn on the computer it runs ok for about an hour, then it just gets slower, and slower, finally I have to hit the power button as the whole computer freezes up. Here is the hijack this log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:55 AM, on 9/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Prog... Read more

A:Hijackthis log file, desperately need some guidance, Several Trojan Downloaders.

Thanks everyone for all the help, luckily another forum isn't as busy as this one. Peace

RELEVANCY SCORE 53.2

I know I've posted logs on here, gotten some help, and not posted follow up logs afterwards, but I'm through with that. I wanna get this clean and done for. I'm tired of my computer acting up and I'd really appreciate some help from you guys in getting free from this menace. For Anti-Virus software, I'm using the AVG Free edition. I've got Clean Up! which I use at least once a day, and fully updated Ad-Aware. AVG will find trojan downloaders and delete them, but they always come back upon restart so there has to be some it's not finding. This log is the most up to date, which I did right after a scan from Clean Up!, Ad-Aware, and AVG.

Logfile of HijackThis v1.99.1
Scan saved at 8:25:32 PM, on 2/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\services.exe
C:\WINDOWS\LTMSG.exe
C:\window... Read more

A:Browser Hijack, Trojan Downloaders, and lag on online games

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Please do not use code tags to post your HJT log - a simple copy and paste into the reply box will work fine.

RELEVANCY SCORE 53.2

Hello,
I went on a page that, it seems, changed my homepage and the next time I opened IE, I was infected with trojan downloaders. Now, when I open IE, I get a screen where "Second thought" tries to install itself and asks for me to "press enter". And another copy of this page starts every, like, 10 secs, so I have to unplug my router and it stops, so I scan with AVG and SpyBot and clean everything, and change my homepage. But still, when I re-open IE, all the sh*t gets downloaded again and asks me to press enter.

There seem to be no more traces of it but it all comes back with the opening of IE.
So I don't know what to do and I'm asking your help, thanks.

I'll post my HijackThis log if it can help:

Logfile of HijackThis v1.98.0
Scan saved at 16:09:59, on 2004-07-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BullGuard\BullGuard Scan Server\bdss.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\BullGuard\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program... Read more

A:When i open IE, I get trojan downloaders, even if anti-virus said im clean, help!

RELEVANCY SCORE 52.8

I have been working on my computer for the two days trying to get rid of virtumonde! I keep getting popups from winpatrol that it is in iifecax.dll and jkhhi.dll in the system32 folder. I try to delete it and it is attached to explorere.exe and winlogin.exe. I try to kill/ unlock the process and the system crashes. I have scanned and deleted it in safemode with adaware 2007, AVG antispyware, and superantispyware several times but each time I start the computer up again there it is!!!!!! PLEASE HELP!!! I guess a HJT log might help?
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.... Read more

A:I need my computer tomorrow at work!:mad: Vicious Virtumonde and Trojan Downloaders!
