
HKU generic adware found

Q: HKU generic adware found

Hello. I am using Windows 2000 and my AVG keeps on finding HKU\S-1-5-21-1275210071-1060284298-725345543-1000\Software\Microsoft\InternetExplorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} every time it scans. I have no idea what this means. Should I be alarmed? I tried looking for ways to get rid of it and found a similar topic right here in BC posted December 11, 2008 by sharkygb.

Is it alright if I apply the same methods posted there? Like running SmitfraudFix.exe, and then the ATF cleaner, then the SUPERAntiSpyware.exe and stuff?


A: HKU generic adware found

Hi, yes, we will run some of them, maybe all, but we need to see what comes back. It was good that you asked, as sometimes running a tool on a PC that doesn't have the infection it was written for can have adverse effects.

What tools are installed and are you running XP?

You can run ATF Cleaner.

Now run MBAM:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Next, Part 1 of S!Ri's SmitfraudFix:

Please download SmitfraudFix.
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


I have got a problem with my computer: no matter how I try to get rid of these, they will not go. I am using BitDefender Internet Security 2009, which finds these trojans. But when I run my trojan remover it tells me I have no trojans and my computer is free of all..? I have not noticed that my computer is not playing up. But when trying to get rid of the three trojans it tells me it cannot because it is part of the system. I tried in safe mode but it will not let me scan. But I can scan with my trojan remover, and it comes up clean. Some people say my computer has been kidnapped and the trojan is hiding and pretending to be part of the system. The names are: Adware.Generic.44240, Applcation.Generic.26964, Application.Keygen.BD. With thanks, Erwin

A:Adware.Generic.44240. Applcation.Generic.26964. Application.Keygen.BD

Hello .. I am moving this from XP to Am I Infected as it is a malware problem.

Next run MBAM:

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives sel...


Hi,

My PC and iPOD is infected with below viruses
trojan.Hider.i ,
Worm.VB.nei ,
Adware.Generic
and Adware.BHO

I have scanned my desktop with AVG AntiSpyware, but after scanning the Save report link was disabled, so I have taken some screenshots of the virus information on the screen and am attaching them.
Apart from this, reports from other tools are below.

=================================================
********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
Wed 09/05/2007 23:10:42.77
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-05 23:10:42
Windows 5.1.2600
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software
disk error: C:\Documents and Settings\Asif Karim\ntuser.dat
scanning hidden files ...
hidden processes: 0
hidden files: 0

========================================================================
Logfile of HijackThis v1.99.1
Scan saved at 11:15:23 PM, on 9/5/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32... Read more


Hi

I got a trojan horse dropper generic ezp. Task manager was disabled, start->run and start->shutdown are invisible, and my computer->manage is disabled.

What should I do?

Thanks for help
STARLORD

Logfile of HijackThis v1.99.1
Scan saved at 0:09:05, on 17.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\...

A: Avg Found: Trojan Horse Dropper Generic

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log


Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.


I recently posted about a vundo trojan and adware infection but sadly couldn't get help in time and had to reformat. Computer's been running beautifully since, but today AVG found 2 adware infections called "Adware Generic.VNM". There were only 2 of them: 1 source from "digstream.exe" and the other from "System Volume Information\_restore{4DF7BEB3-E3D2-47C3-B32D-682F2CA7D884}\RP8\A0000205.exe". It deleted them and I am currently running a scan to see if it shows up again. Are these just common things or should I be worried? What's the best way to protect my computer from adware/spyware? Any help would be greatly appreciated.

A:Adware Generic.VNM

Welcome to BC.

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and ...


Here's the pic saying that my computer is infected.
I can't delete it.
With HJT log, hope you guys can help. =]

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:31, on 2008-12-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe
C:\WINDOWS\system32\QTRAYIME.exe
C:\WINDOWS\syst...

A:[Has adware.Generic] Says AVG

can anymore help??=[


Hi all.
I have Kaspersky 2010, did a full scan and found no viruses at all, but seeing as my laptop was loading up a lot slower, was running slower and the Internet taking longer to connect,
I decided to download AVG 9.0 and it ran a full scan and it found 1 warning being
Adware.Generic "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVP"
and it won't let me delete it, saying access is denied.

How do I go about deleting this problem or any software that will get rid of it.

Many thanks

A:Adware.generic...AVG

Hi there, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVP is Kaspersky Antivirus key. So AVG detecting it as a malware is a false positive. However, you should scan your system using Malwarebytes and ESET online scanner to see if it finds something.


I used Ad-aware 2008 and it shows this is the virus. I tried to remove but it's still there. I hope you can help me. This virus is annoying, it won't let me search anything on Google. If I type something and hit enter the windows will just freeze. Here's my log.

Logfile of random's system information tool 1.05 (written by random/random)
Run by yvel at 2008-12-19 03:50:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (80%) free of 38 GB
Total RAM: 255 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:56 AM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\CyberL...

A:Adware.BHO(generic)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will als...


Hi,

I have been infected with some sort of virus from a fake youtube.com link. It is slowing down my internet browsing and when I search google it is taking me to different sites to the links that I have clicked on. I have done AdAware, Spybot S&D, F-Secure and Panda scans which found the following problems:
- AdAware.BHO(generic)
- ch3.exe
- bolivar.exe
- Fake.Security Alert
- Win32.BHO.je
- tinyproxy.exe

I cannot seem to remove any of these though, even when the scanner says it has removed it.

The results from the Panda scan are shown below:

;*****
ANALYSIS: 2008-11-06 07:51:23
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 2
;*****
PROTECTIONS
Description Version Active Updated
;=====
F-Secure Antivirus 5.40 No No
;=====
...

A:tinyproxy.exe, Adware.BHO(generic)

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


My AVG Anti-spyware found an adware that I'd like to get rid of. Here's the scan report from AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:01:33 PM 02/29/2008

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} -> Adware.Generic : No action taken.
HKU\S-1-5-21-563458471-2069919217-3551775167-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} -> Adware.Generic : No action taken.
::Report end
Also attached is a HJT report (newest version):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:24 AM, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guar... Read more

A:Solved: Adware-generic-need help getting rid of


I am running XP and everytime I run AVG Anti-Spyware and I show an infection as Adware.Generic; No matter how I ask AVG to delete (Delete, Quarantine, Delete on Reboot), it still shows up. On a related or maybe unrelated manner, my Symantec Antivirus keeps coming up with Threat found, at first it is the mgrs.exe file (which I have seen on this forum) and then it is just files named by number in the temp directory.
Please help!!!
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:30 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\Tivoli\TPMX\Agent\callhome2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\notes\ntmulti.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
c:\winnt\system32\suss.exe
C:\Program ... Read more

A:Please help!!! Adware.Generic and/or mgrs.exe

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
==========

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white b... Read more


Hello everybody

I was here earlier in the week because of a virus problem which I thought was fixed, guess not though. I am having a major problem with adware.generic viruses that can't be eliminated. I used AVG 8.0 which says they're deleted, but on reboot they are back once again. I also tried Super AntiSpyware, and MBAM but they can't detect anything. I'm using Windows XP Professional, what should I do? Thanks

Here is a screenshot of the offending viruses: http://s295.photobucket.com/albums/mm141/retinchet/?action=view&current=viruses.jpg

A:Adware.generic Infestation

Photobucket resized the image... my 800 degree eyes... D:

From what I see those aren't really REAL adware. I see ActiveX Compatibility. This is a new known issue from AVG 8. Look here for another forum's posts about this.

I see in very very tiny letters TitanShieldAntiSpyware. Now that's something to be suspicious of. Since those 2 aren't detecting anything try something different.

Download a2 FREE from here.
When it finishes installing, open it, then click Update Now. When it finishes updating, restart the program if necessary, and click Scan PC on the left, and choose Deep Scan. Quarantine everything you find, then post a log.


Hi there,

Back once again

Yesterday my girlfriend told me she opened something at msn and now the comp was bleeped.
I thought she was over reacting but she seems to be right.

The problem is I get about 5 pop-ups a minute now. I tried scanning with ad-aware which shows nothing.
Downloading spy-bot from any site won't work as it keeps saying the install file is corrupted.

So I scanned with avg which came up with 14 infected files.
These are two kinds of files. Adware.generic.scb (the latest .scb extension is different every time I scan....)
And some Trojan-horse.downloaders and trojan-horse.generic

AVG also says it removes these files every time but after reboot nothing changes.
I ran it in normal and in safe mode but no difference whatsoever.

These files keep downloading bleep onto my computer so it is different every time.
According to my girlfriend this infection keeps sending through to other people on msn when you start it up.
So I am afraid to even go online.

Anyone in here know what to do now?
With my last problem I needed to re-install my entire comp so I would like to try and avoid that

Cheers,
Bart

Ps. some of the basic info would be: Dell dimension 5150 , windows xp home with sp2 and all the official dell software.

A:Adware.generic.scb Problem

Have you tried doing your scans in "SAFE MODE"?

Since you're having a problem with Spybot, download and scan with SUPERAntiSpyware Free for Home Users.
If you encounter any problems while downloading the updates, manually download and unzip them from here.

Also download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE". (This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware.) Be sure to print out the AVG Anti-Spyware Install-Scan Instructions.

Then perform this online Virus scan: Trend Micro Housecall <- Use "Autoclean" and manually delete what it can't clean.
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]

Post back if you're still having problems afterwards.


Generic Adware Dr. was detected by McAfee in file C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP167\A0038620.exe, Process: C:\Windows\System32\svchost.exe, Process - description: Generic Host Process for Win32 Services and mistakenly enabled for approx. 2 hours before blocked.

I immediately ran Ad-Aware and it detected IEHijacker.SearchExe Object Recognized!, Type: Regkey, Data: , TAC Rating : 6, Category : Malware, Comment : , Rootkey : HKEY_CLASSES_ROOT, Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}. Had it removed. Scans after have been clean.

Trend Micro found and removed 1 infection each of: ADWARE_BHOT_SBSOFT, ADWARE_SYSTEMSAVE, and ADWARE_COUPONS. BitDefender, Spybot S&D, McAfee AVERT Stinger, McAfee VirusScan found nothing. AVG AntiSpyware found Downloader.Win32.Digstream, did not remove. I also ran CCleaner. Always running Spyblaster, McAfee Security Center.

There have been no symptoms. No slow downs. Everything seems to be running as usual. No alerts. I'd really appreciate someone more knowledgeable than I am to take a look at my log and hopefully give me a clean bill of health. Thanks so much!!

SeattleSue1945

Logfile of HijackThis v1.99.1
Scan saved at 1:33:48 PM, on 2/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32...

A:Generic Adware Dr. Infection

Hello SeattleSue1945, I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "Java Runtime Environment (JRE) 6".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

**********************

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". This scan may take a few hours. It a...

RELEVANCY SCORE 49.2

I've run avg professional (running xp Professional) and it found one threat: adware generic.bbo at program files\mywaysa\srchasde\1.bin\desrcas.dll

This PC was bringing up virus! error one after another; had a terrible time shutting down. Re-installed newer version of AVG as the old one said it had missing parts and so it wasn't running correctly either. It still seems to be limping along but it's okay. Such as after rebooting out of administrator to just the regular user, then it shows me there are no test results.

I tried to Immunize with Spy Bot and it does immunize and says all known threats are being blocked. Then exit out of spy bot and go back in and still the same number of threats are not blocked.

I did this HJT log, but not sure if it is the current version or not. Any help you can give will be much appreciated. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 3:15:33 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Progr...

A:adware generic.bbo desrcas.dll

RELEVANCY SCORE 48.8

One of my friends downloaded a Youtube Playlist downloader, and I'm pretty sure it dropped quite a bit of malware. I scanned with Comodo Cleaning essentials and it found 12 threats, I quarantined all of them except one of them that I think was a false positive. My computer is still acting weirdly (Opening ads when I go on youtube), and I can't seem to fix it up. I wasn't able to enable scanning of some parts of the system in GMER I was only allowed to scan files, registry , and services. I'm not 100% sure that I have active threats on my PC, but I want to make sure.

DDS Log:

DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.2.0
Run by Chaoyi at 9:35:53 on 2012-11-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5739.4029 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdag...

A:I'm infected with adware and generic malware

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

RELEVANCY SCORE 48.8

First up thank you for taking the time to read this post and hopefully acting on it in some way.

I'm running windows Vista, unsure of build etc.

Symptoms are as in post title: Lots of windows-looking ads telling me I've got viruses and hackers everywhere. My AVG antivirus flaring up telling me that there is a trojan of type generic 18.* and flagging various *.tmp.exe's in my temp folder. Also random icons being created on my desktop, some are links to dummy porn sites, others are called 000troj.exe, 001spam.exe and 003spam.exe.

Normally I'd sysrestore -> safemode -> rescan -> delete, but on this occasion I didn't have any restore points (despite updating windows 2 days ago wtf?).

I've tried to isolate the problem, but not having much luck. There was also a suspiciously titled exe in my startup folder. It's now gone, but the problems have not diminished.

For your viewing pleasure here's a ms paint mashup of some of the messages I've been getting. Any help much appreciated

A:Adware/Trojan(Generic 18*?) - *.tmp.exe files.

Not a bump, but more data to add and some specific questions.

I got another popup message telling me that "system files were missing" or some such. I thought it was more spam but on this occasion it actually shut down my laptop.

After logging back in Windows explorer seized up immediately and my entire session froze. I still have full normal access in safe mode.

Qs

Even if you have no time to help me through anything; does this remind anyone of a certain virus/malware/anything? I've had a look at the spyware removal guides on this site but I cannot categorize the problems I am experiencing - help in this area would be appreciated as the guides in that section appear well-written and I shouldn't have any trouble carrying it out independently if I could successfully pigeonhole my problem(s?)

Secondly, what is the best diagnostic tool for scanning my system? I take it from the numerous messages around that combofix is no good, but what would anyone recommend? Also should these programs be run in Safe mode or normal mode?

Again thanks in advance for any help.

RELEVANCY SCORE 48.8

I have a windows xp home edition and I need help removing these 2 problems. I recently ran avg anti-spyware and found

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\smgr -> Adware.Generic : No action taken.

C:\System Volume Information\_restore{732A0376-7C38-487B-9C5B-B934413946A1}\RP487\A0591014.dll -> Downloader.Agent.dlu : No action taken.

The smgr I keep going into regedit and deleting but it returns. As for the downloader.agent.dlu I don't know what to do. Please help, my computer is very slow.

Here's my hjt log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:32:29 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\mcafee.com\agent\mca...

A:need help with downloader.agent.dlu and adware.generic

RELEVANCY SCORE 48.8

Hello

I am currently using Windows 7. I have been infected by Adware.Generic located in HKLM\SOFTWARE\Microsoft\Windows\Current Version\Run\\AVP and I do not know how to get rid of it. I have also been previously affected by trojans Generic2_c.BOMJ located in Java and quarantined.

Moreover, would this cause the disappearance of my desktop icons and menu bar after a set amount of computer inactivity?

I have scanned my computer with Malwarebytes which yields no results. Only found the trojans with the help of AVG. Also scanned with Kaspersky. During its update from Internet suite 2010 to IS 2011, it found 8 Trojan HEUR but it restored 2 of the files.

Can someone provide assistance with this problem?

A:Adware.Generic and old trojan infection

Hello, yes it is possible for the malware to alter the desktop.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select...

RELEVANCY SCORE 48.8

I recently noticed that I have a virus on my computer. After doing a little search on this site, I have downloaded HJT and I will post my log. Please help...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:02 PM, on 10/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcpqcj0e1aa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WIN...

A:Adware.virtumonde generic.dx virus

To give a little more detail: this bug had taken control of my task manager as well as my desktop background. It sends pop-ups that imitate windows antivirus 2008 (which I never clicked on). I have done a scan with McAfee and it has quarantined 3 trojans. That allowed me to control my desktop background again, but now I get a windows boot error message when the computer has been idle. Like a screen saver. Any help is greatly appreciated.
 

RELEVANCY SCORE 48.4

I downloaded a video driver and all of a sudden, my expired trial version of McAfee that came with my computer started giving me warnings. On top of that a Heat Virus "scan" program showed up without me downloading anything.. I suspect that was another part of the virus. Since then, I have downloaded Avira, AVG 8.0.1, and Ad-Aware; they all keep giving me warnings after repeated scans, but even if I delete or follow their instructions nothing changes. I tried to system restore to the day before yesterday, but after trying, the system told me it wasn't possible ??? I also downloaded a FIX off the internet, Smitfraud, but I don't know if it helped. I am getting the following warnings: fake_antispyware.kc (a0026104.exe), Adwaregeneric.vdm (a0026104.exe), Downloader.zlob (a0026469.dll,67.exe,66.exe,65.exe,64.exe,63.dll), TR/zlob.cks.21, TR/dldr.zlob.abuv.44 which I imagine is all the same thing given the name. I've done the HJT log and here is what I got. I'm at a loss (albeit a panicky one) for the next step and would appreciate any advice. Thanks in advance for being so computer savvy and generous with your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:38 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.ex...

A:Solved: Zlob, Adware Generic.vdm, and fake_antispyware.kc oh my... :/

RELEVANCY SCORE 48.4

Hi, I am running Windows 98 on IE6 and my computer is hooped! Trojans popping up everywhere, AVG is my virus program and it is finding like 1 virus every 30 seconds as long as IE is open....pop ups and new windows .... here is my HJT log - Please help if you can! Thanks!

ps This is not a duplicate log.....I have two computers infected!

Logfile of HijackThis v1.99.1
Scan saved at 9:52:32 PM, on 6/22/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\UTFUTZEWUG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\LOJSFJ.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:...

A:Trojan City! Help! Virusscan Says I Have Adware Generic.ofl?

Hi there and welcome to Bleeping Computer!

As you may have noticed already, the forums are very busy at the moment and I have noticed your log has gone unanswered so far!

We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and I will then be able to take a look!

Thanks very much

David

RELEVANCY SCORE 48.4

Hello,

My computer recently became infected with a Trojan (at least that's what the scan I did said) and has cause a lot of problems. Any .exe file or program will NOT launch at all, I get the error saying:

"This operation has been cancelled due to restrictions in effect on this computer. Please contact a system administrator"

I have been researching all over the internet for a while now to see if there have been cases related to mine and how I can find a solution but I found none that are as specific as my problem. The error occurs every time, no matter what I do, I can't access Regedit, Run, Cmd, nothing... the only things that I'm currently able to use are IE and control panel (but still can't run any .exe). The user I'm currently using is Administrator, there's no other account made in the computer but this one so that can't be the problem.

By the way, I didn't scan using HiJackThis because obviously, I can't run any .exe, I tried to but no success so I used the online scan provided in one of the "The 5 Steps before Posting a Log" ( Step 2- Online Scan).
Let me know if more information regarding the problem is needed and I'll see if I can provide more.

RELEVANCY SCORE 48.4

Every time I click the scan button it crashes.

I have tried:

Turning off anti virus
Restarting
Running malwarebytes

None of this has worked. Can someone help?

A:Adware cleaner crashes on first generic scan

What operating system are you using?
Where did you download AdwCleaner?
What version of AdwCleaner are you using?
Is it on the Desktop and are you right-clicking and selecting Run As Administrator?

RELEVANCY SCORE 47.6

Hello

This is my first time posting. I am being bombarded with messages from McAfee that trojans (WebBuying, Downloader-BEA, and Generic.dx--several times for each) have been detected, which I chose to delete each time but McAfee was not able to delete those. Sept 17 was the first attack.
I've run several scans with McAfee, Spybot S&D, Spyware Doctor, but I can't seem to shake this bug, and it is getting worse.

I un-installed IE 7.0 and reverted to IE 6 but still problem persists after disabling all the add-ons in IE.
The most noticeable problem is with IE--pop-ups, attempts to go to different sites, and opening new browser windows. All types of malware and webuying sites are getting opened up.
I am also concerned about the security of the data on my computer.

Please help!
Below is my Hijack This log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:54 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost....

A:Downloader.BEA , WebBuying and Generic.dx malware adware attack

RELEVANCY SCORE 47.6

I'm currently using the free versions of Spyware Blaster, Spyware Terminator and SpywareDoctor but Windows Defender is the only antispyware programme that can find and detect this: "Adware:Win32/Generic.A" which it describes as a trojan, yet it cannot remove it. Is there anyone who can help, I'm really new to this and it really is bugging me. My only guess is that it came from windows internet explorer 7 which I hardly ever use now because Mozilla Firefox seems to be a lot more reliable and trustworthy. Below I have also used Hijack this to get a log of what might be happening if this helps.

Any thoughts from you bright young things will be much appreciated by this newbie ;0)

A:Windows Defender Finds Adware:win32/generic.a

Just to let you know that I have the same problem. I am also unable to remove the item.

What I do know is that it is flagged up by Windows Defender when I manually start-up Spyware Terminator. So it appears to be within that programme.

I am still investigating so if I get further info I will post back with my results.

Incidentally, I loaded Spyware Terminator on the recommendation of a reputable computer mag.

RELEVANCY SCORE 47.6

I have Charter Security Suite (F-Secure Antivirus) installed and the history shows the 2 files have attempted to be cleaned but without success. I couldn't understand their help documents to manually clean them, so I am asking for your help. You all helped me once before with great success, I am hoping you can do it again! Thank you.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Michele at 7:19:32.14 on Mon 03/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.127 [GMT -5:00]

AV: Charter Security Suite 9.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
H:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
H:\WINDOWS\System32\svchost.exe -k dot3svc
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\WINDOWS\system32\netdde.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\clipsrv.exe
H:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
H:\Program Files\...

A:Trojan.Generic.2187084, [email protected]

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 47.2

Ran a free version of webroot spysweeper which reports Mal/generic-A found on my computer.

I read some of the other forum posts on this subject but didn't want to do anything without some help. HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:53:44 PM, on 7/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\System32\snmp.ex...

A:Mal/generic-A found

RELEVANCY SCORE 46.8

Hello

I am infected with the virus vbs/generic and trojan horse small.3.0
I ran a scan and it supposedly healed, but now most of my programs are not working properly and I am still getting threat alerts. What should I do? I cannot send you my log report because I can't open the excel file. Now I am scanning with Malwarebytes' and for now no threat found but still running. Please help, I really need my PC, I am writing my thesis

A:AVG virus found vbs/generic

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Full Scan"...

RELEVANCY SCORE 46.8

Hi again. I wasn't sure if I should have added to my old topic, so I figured I might as well start another one.
I was reinstalling some Microsoft Office disks (Word 2002 if it mattered), and during the installation Kaspersky detected a trojan. Something about it being in autoplay or something. I cancelled the installation, but whenever I try to play the disc to get more info, I can't.

Anyway, I think it might just be something with how the disc works that Kaspersky was detecting as a trojan, but I figured I might as well be sure.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:40:46 AM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Tech...

A:Trojan.generic found

I would really like someone to check this, because just now I got an alert from AOL that someone else was trying to log onto my Screennames, possibly from the trojan.

Renewed Logs:

Logfile of HijackThis v1.99.1
Scan saved at 10:38:53 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Microsoft Sha...

RELEVANCY SCORE 46.4

Hi,

A couple of weeks ago, I let my child use my computer to play Minecraft, with a warning not to download anything (last time I let them use my computer for Minecraft they managed to get my computer infected). They didn't listen, and within three days they had downloaded multiple files. I deleted all files, cleared my recycle bin, and uninstalled all games on my computer (Minecraft, Steam etc).

However, an Avira scan detected the following which has been quarantined:
PUP.InstallCore.hsy
C:\User\S\Downloads\VoidLauncher_0994045167.exe

My Avira scan stopped halfway and froze. I ended up stopping it, making sure everything was uninstalled and then it ran the full scan.

I then did a SuperAntiSpyware scan. The log is below:

Database Version : 14064

Scan type : Complete Scan
Total Scan Time : 01:01:15

Operating System Information
Windows 10 Home 64-bit (Build 10.00.15063)
UAC On - Limited User

Memory items scanned : 1106
Memory items detected : 0
Registry items scanned : 87771
Registry items detected : 0
File items scanned : 54640
File items detected : 723

Backdoor.Generic/Variant
ZIP ARCHIVE( C:\$RECYCLE.BIN\S-1-5-21-1500282354-271373713-3767717561-1001\$RKOWB4U.ZIP )/WIFIMOUSEREMOTE.TXT
C:\$RECYCLE.BIN\S-1-5-21-1500282354-271373713-3767717561-1001\$RKOWB4U.ZIP

Adware.Tracking Cookie
C:\Users\S\AppData\Local\Microsoft\Windows\INetCookies\51BZGSMR.cookieC:\Users\S\AppData\Local\Microsoft\Windows\INetCookies\51BZGSMR.cookie [ /openx.net ]
C:\Users\S\AppData\Local\M...

RELEVANCY SCORE 46.4

Here's my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 8:44:28 AM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS...

A:Avg Found Trojan Horse Generic.zzq

Hello PFunk12 and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

Can you give me the name of the file (and its location) that AVG is reporting as being infected?

Thanks.

OT

RELEVANCY SCORE 46.4

I had a back door trojan on my PC in August (the first I've ever had) which I managed to clear with the help of this site.

Since then I have only used my PC once - to download my emails via Outlook Express and to download and install the free antivirus/antispyware programs using the links recommended by the analyst on this site. Despite this, when my McAfee scan next ran it picked up and quarantined the above trojan (McAfee also referred to its file name as
C:\IQON\INTERNET CONNECTION SETUP\IOLFREE\INSTALL_FREE.EXE).

As I've used the PC so little I can't work out how it got infected by the trojan (none of my emails seemed suspect).

The required logs are pasted below and attached as requested.

I'd be very grateful for advice on cleaning up my machine.

Look forward to hearing from you.


DDS (Ver_09-09-24.01) - NTFSx86
Run by Rachel at 21:16:10.42 on 05/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.155 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
... Read more

A:Generic Backdoor!zr Trojan found

Hi -

I think that may have been a false positive find by McAfee. I see no sign of active infection in those logs.

To followup, run an online scan with Kaspersky

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on Settings. Uncheck Mail databases.
Next, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------

RELEVANCY SCORE 46.4

McAfee has quarantined Generic Dropper.au on my computer, but I can't find out how to delete it or what I should do? It has changed some of my desktop settings, but I am afraid to do anything else to see anything since I don't know enough about a trojan to know what is ok to do at this point and what's not. Please advise.

Thanks!

A:Help - McAfee found Generic Dropper.au

After my initial post I found where I was supposed to follow the 5 steps which I have now done. Below is a copy of my main.txt and I will also attach a copy of extra.txt. After going through the steps Panra found 21 infections on my computer. I need guidance on what I should do now. I am not very computer savvy so I will need some step by step guidance to get the computer back together. Thanks!

Deckard's System Scanner v20071014.68
Run by Donna Allbritton on 2008-03-21 20:55:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2008-03-22 00:55:09 UTC - RP568 - Deckard's System Scanner Restore Point
47: 2008-03-22 00:47:16 UTC - RP567 - Software Distribution Service 3.0
46: 2008-03-21 18:00:56 UTC - RP566 - System Checkpoint
45: 2008-03-20 17:52:15 UTC - RP565 - Software Distribution Service 3.0
44: 2008-03-18 19:31:02 UTC - RP564 - System Checkpoint


-- First Restore Point --
1: 2007-12-23 20:40:20 UTC - RP521 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-21 20:57:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE:... Read more

RELEVANCY SCORE 46.4

HI everyone.

I've run S&D and AVG anti virus and the same virus alerts keep popping up in AVG. It incessantly gives me a popup window with the following message of a virus found:

"C:\windows\System32\shdocvs.dll Trojan horse Generic 7 .LAH"

Then when selecting "heal" or "ignore" it gives me another file in the same directory. It also pops up if I try to Open IE.

Thanks for any help you can offer.

Kevin

--------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:39 PM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchos... Read more

A:Hijack This Log - Generic Trojan Found

Hello proud2bhaole and welcome to BleepingComputer!

Apologies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,
Johannes

RELEVANCY SCORE 46.4

I also have a settings.dat file that is on my desktop that was created after the rootrepeal program ran. What do i do with it?

DDS (Ver_09-10-26.01) - NTFSx86
Run by NANDO at 9:13:35.35 on Tue 11/17/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.560 [GMT -8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1356 [VPS 091117-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Cricket\Cricket Broadband\Cricket Broadband.exe
svchost.exe
... Read more

A:trojan.generic found and removed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

RELEVANCY SCORE 46.4

A SpySweeper scan turned up Mal/Generic-A and App/Force Lib-A. Initially SpySweeper could not remove. Ran AVG and it claimed successful removal. However, the system was still behaving strangely - failed Outlook 2007 closure, Outlook starting in a very small screen and refusing to maximize, occasional system "lockup" requiring reboot, etc.

Did a Windows XP Repair install and followed that with all updates through SP3. Deactivated SpySweeper and followed the steps on your website to produce the following logs. I hope this is a fairly complete list of actions I have taken. Would very much appreciate your help.
DDS (Ver_09-09-29.01) - NTFSx86
Run by Rod Clark at 21:11:32.25 on Thu 10/08/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2471 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS... Read more

A:SpySweeper found Mal/Generic-a and App/ForceLib-A

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 46

McAfee can't clean something called Generic Artemis on my computer. Please help me remove this malware/virus.
 

RELEVANCY SCORE 46

Hi,

My computer has been unbelievably slow for a few months. I have tried a number of malware programs to find something - McAfee, MalwareBytes, SpybotSearchandDestroy - but none seem to have solved the problem. This may be unrelated, but all of a sudden, Powerpoint is not working (though all the other Office programs do) and my Dreamweaver instance appears corrupted. I found a forum earlier that suggested downloading a new version of Java, which I did, but it does not appear to help. My Hijack This report is below. Any help would be much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:31 AM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcpr... Read more

A:Computer very slow - McAfee found Generic Pup.x

Hi Welcome to TSG!

Run HijackThis and click on "Config" and then on the "Misc Tools" button.
If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section".
Click on the "Open Uninstall Manager" button.
Click the "Save List" button.
Copy and paste that list here.
 

RELEVANCY SCORE 46

Well I was trying to watch some movie online and the browser, Avant, opened up a bunch of weird pop up sites even when the pop up blocker was turned on. Mcafee 2007 version, my firewall protection service, reported that it found a trojan virus and it had been removed and a potentially unwanted program, Genericup.dx was trying to access internet and another time, a few minutes later mcafee again reported that Generic.dx was trying to access internet. I actually happened to 'google' regarding a process 'prunnet.exe' in my process tree and found it's a malware/trojan program. I happened to download hijackthis 2.0.2 and I am herewith attaching the log info:

Please suggest me the necessary actions and I would be much appreciative of your help.

Please find the log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:50 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.... Read more

RELEVANCY SCORE 46

hi, i got some problems with a virus, it makes random-named dll's in the /system32 folder, which get deleted by avg, it says they are 'virus found lop'.
and there is a trojan horse generic 9 which tries to spread too. it infects files like reader_sl.exe (from adobe) and iaanotif.exe
the trojans seem to be '\system32\mllmk.exe' and '\temporaly internet files\...\css4[1]', which are deleted.
css4 keeps replacing itself though.
there is also a windows error, saying it can't open mllmk.exe on startup.
i have tried a full scan with avg free, online panda scan, spybot search & destroy, avg anti-rootkit, avg anti-spyware and zonealarm.
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:51, on 23/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\... Read more

A:Trojan Horse Generic And 'virus Found Lop'

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

RELEVANCY SCORE 46

Mod Edit: moved to Virus, Trojan, Spyware, and Malware Removal Logs ~~ boopme
 
Hello... am i still infected? thank you in advance
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/12/2009 12:27:42 PM
System Uptime: 28/02/2013 7:11:38 PM (13 hours ago)
.
Motherboard: Quanta |  | 3624
Processor: Intel® Core™2 Duo CPU     P8800  @ 2.66GHz | CPU | 773/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 12.271 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 66.653 GiB free.
E: is FIXED (NTFS) - 11 GiB total, 1.855 GiB free.
F: is CDROM (UDF)
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hotspot Shield Helper Miniport
Device ID: ROOT\MS_HSSDRVMP\0004
Manufacturer: Hotspot Shield
Name: Hotspot Shield Helper Miniport #5
PNP Device ID: ROOT\MS_HSSDRVMP\0004
Service: HssDrv
.
Class GUID:
Description:
Device ID: ACPI\ENE0100\4&1AEA078C&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\4&1AEA078C&0
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP233: 27/12/2012 9:33:43 AM - Windows Update
RP234: 27/12/2012 2:59:22 PM - Installed QuickTime
RP23... Read more

A:DDS after Vipre found Trojan.Win.Generic!BT...still infected?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
 
IMPORTANT !!! Save ComboFix.exe to your Desktop
 
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.
 
How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html
 
Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall
 
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
 
Third party programs if... Read more

RELEVANCY SCORE 46

avgfree found trojan on exe files belonging to a program I've been running for ten years. It deleted the exe files because of the threat. I loaded 3 different trojan trial software programs along with running my usual spybot, adware. Once done checking loaded a backup of the exe file back on system and avg found again and deleted. I also ran hijack this log shown below. Trying to figure out how to fix my system so I can load the exe files back on for program and be back to normal. Any help knowledge or info is appreciated, my first time at trying support log. - thanks

Logfile of HijackThis v1.99.0
Scan saved at 2:40:06 PM, on 3/9/08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\QURB\QSP-3.0.311.7\QOELOADER.EXE
C:\PROGRAM FILES\KINGSTON TECHNOLOGY CO INC\DATATRAVELER 2.0\SAFEEJECT.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\TROJANHUNTER 5.0\THGUARD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP... Read more

RELEVANCY SCORE 45.2

Computer's been acting a bit strange, and running HJT, I noticed weird entries I'd never seen before in scans. A McAfee scan found Generic.dx!sww. I discovered that my problems loading webpages stopped when I killed a suspicious process called comsrvr.exe. Other problems I've had have been with getting programs to open/save files, and most recently, brief hangups.

Unfortunately I can't offer any more information than that (beyond the logs,) as I am not sure what it exactly all is. I don't use P2P programs and rarely go to non-trusted sites, but I guess one wrong move and it's easy to manage...

Anyway, thanks to whoever can help me out with this.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tiffany at 4:50:04.70 on 06/17/2010 Thu
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1022.365 [GMT 9:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\... Read more

A:McAfee found Generic.dx!sww, other infections suspected (comsrvr.exe)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 45.2

I ran Ad-Aware program yesterday and it found a trojan, Trojan.Win32.Generic!BT
I had it removed and supposedly it is gone.
However, when I rebooted and ran in full mode, computer would accept a few commands and then after a few minutes would basically lock up.
I subsequently ran several other programs including Spybot, AVG, BitDefender, ESET online.
None of them are detecting this trojan any longer.
However, my machine still runs very slow and ultimately locks up every time in normal operating mode.
I am in Safe Mode right now.
