
Backdoor.rbot log, probably in wrong place

Q: Backdoor.rbot log, probably in wrong place

Sorry if this is in the wrong place, but I have 4 end users with this infection and am at rope's end. Is this also a good time to format the backup HDD? All instances of the rbot were detected by SW Dr. Well, here's the log from the latest addition to the network.


A: Backdoor.rbot log, probably in wrong place

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE


as called by Spyware Doctor.

The situation is following:

The security programs which I have installed and scanning my XP SP2 PC:

Spyware Doctor (trial)
AdAware
HiJack This
SpyBot
SpyWare Blaster
ZoneAlarm Pro
AntiVir XP (german antivirus prog)

The thing is that only the Spyware Doctor (all programs freshly updated) is finding the dangerous rdriv traces in the registry. But since I have the trial version, I wanted to remove them manually from the registry. Now some of them can't be removed even in the safe mode. Well, if it was the trojan file, I could kill it with the killbox at least, but what to do if I can't kill it in the registry? Are there any tools for that? I mean, I see all of these bad lines in the registry but it wouldn't allow me to kill them.

Here are these:

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV
HKLM\SYSTEM\CurrentControlSet\Services\rdriv -> this I could fix manually

rdriv.sys was somehow not present in System32 folder ...

Or maybe recommend another anti spyware prog which is free and can help?
Oh, yes, my hijack log is clean, that's for sure.

Thanks in advance!
 

A:Need help on Backdoor.Rbot.Gen


I got infected by backdoor.rbot.bry, and after running all the scans in the sticky it turned out to be much worse than just this. I "seem" to have fixed most things, but I can't turn off System Restore to get rid of any infected restore files and can't boot up in safe mode. I get a blue screen telling me to run chkdsk /f, no help.
I have run AVG Anti-Spyware, PC-cillin, Spybot Search and Destroy, F-Secure, BitDefender online and even sfc /scannow, and everything is coming up clean.
Here is a copy of my hijack log; any help resolving the other issues, and maybe more I don't know of yet, would be great.

Just noticed system restore is not listed in computer management now and is set to not configured in group policies.


A:backdoor.rbot.bry

I didn't have the time to wait, so I ran a repair install and things are looking good (so far).


Has anyone removed this? The only information that I can find is a China based software company. The computer is trying to connect to "real.profess.us". I do have ZoneAlarm which is blocking, but I would like to remove.

A:backdoor.rbot.adx

Added Information:

The virus name is Backdoor.Rbot.adx and the only site I could find with information is www.viruschina.com, and it does not give information on removing.


Can anyone help me remove the following Virus this is the name that PC Spyware has given it.
 


Hi, I'm virus illiterate. Yesterday AVG started giving me infection alerts about a trojan infection (BackDoor.RBot.LN). So I did the usual thing (moved them to quarantine).

Every Windows start-up from now on, I get 6 messages:

1- title: C:/documents
could not find the C:/documents folder make sure if it was correctly typed, etc;...
2- title: Desktop
it wasn't possible to load or execute C:/docments specified in the registry. Make sure that this file exists in your PC or remove it from the registry.
3- title: AND
could not find the "and" file, make sure if it was correctly typed, etc;...
4- title: DESKTOP
it wasn't possible to load or execute "desktop" specified in the registry. Make sure that this file exists in your PC or remove it from the registry.
5- title: SETTINGS\USER\LOCALSETT~1\APPLIC~1\IEUDINIT.EXE
it wasn't possible to load or execute "ieudinit.exe" specified in the registry. Make sure that this file exists in your PC or remove it from the registry.
6- title: Desktop
it wasn't possible to load or execute "ieudinit.exe" specified in the registry. Make sure that this file exists in your PC or remove it from the registry.

As told, I'm sending the "attach.txt" as a zipped file, and the log from DDS is posted below.

Thanks for your help!!
Rbuchner.

Now, here is the log from DDS:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Ricardo at 10:36:01,14 on qua 08/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional...

A:BackDoor.RBot.LN ??

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


I am coming up with this virus on my computer. I am deployed to Iraq and have no internet connectivity with it (I am on a government computer now). How can I remove this? I am running Windows Vista.
 


I have no idea where this virus could have come from. I think someone in my family is using my computer without my knowledge. If someone could help me I would really appreciate it.


A:Help with backdoor.Rbot.hvj!

I scanned my computer with AVG Anti-Spy and it said that it found a backdoor.Rbot.hvj. I quarantined the file and I am wondering if someone could help me.


Ran a scan from the Spyware Doctor trial, told me I had Backdoor.Rbot.Gen and Backdoor.Rbot.WI and some other spyware. Would have removed it but I needed to purchase the program. Yes I am cheap. I heard this can be a very harmful program so I am freaked, wanting to clear my PC of anything you guys can find for me. Thanks.


A:Backdoor.Rbot.Gen & Backdoor.Rbot.WI

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepa...


I must have downloaded something that gave this to me. But Kaspersky is picking up on a Backdoor.Win32.Rbot.ebs. I tried to get it to disinfect it and it won't. I also tried to get Kaspersky to delete it, and it won't. I will post the hijack file here. Can you guys help me get rid of this trojan or virus? I'm not sure, but it seems to be trying to turn off my firewall and virus protector when I turn on my computer. Here is a link to what Kaspersky says I have: http://www.viruslist.com/en/search?VN=Backdoor.Win32.Rbot.ebs&referer=kav


A:Backdoor.Win32.Rbot.ebs

I'm not sure how bad this virus/trojan is so if anyone knows anything about it any information and help would be useful. Thanks
 


I have a Backdoor.Rbot.aveq though sometimes it's Backdoor.Rbot.awi
Vba32 keeps picking it up and deleting it, but I feel it's linked to the temp folder or something, because every time I try to install anything Vba32 tells me
"C:\Users\admin\AppData\Local\Temp\CR_04BFF.tmp\setup.exe" contains virus Backdoor.Rbot.aveq.
Vba32 deletes it, but every single time I try to install something I get it.
It has been stalling my Vba32 start up as well, so much so I have to keep restarting it.

Please Help!!
I think I got it from an email that was downloaded into my IMAP folder on my computer.
I use this computer for everything!!

I'm on Vista64

thank you

A:Can't get rid of Backdoor.Rbot.aveq

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
NEXT

Please download aswMBR to your desktop.
Double click the aswMBR.exe icon to run it
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well


Avast detected a backdoor.rbot.aeu infection and told me to delete it, so I deleted it. When I started my computer the other day, I've done an AVG Anti-Spyware 7.5 complete system scan and it told me that I am infected with backdoor.rbot.aeu again. Here's the HJT log:

A:Backdoor.rbot.aeu Infection

Hello there and welcome to Bleeping Computer's security forum. My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately. Disconnect the infected computer from the internet until the computer can be cleaned. From a clean computer, change your online passwords-- for email, for banks, eBay, forums etc.... Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. Have a look here: http://www.sophos.com/security/analyses/trojagentad.html

Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\C...


Hi,
I am running XP

I have Microsoft Security Essentials installed.

Every time I turn on my PC I receive notification that my computer is infected. Microsoft Security Essentials (MSE) recommends I clean the infection. I get a notification from MSE informing me that the threat has been removed and then it gives me a warning about a suspicious file: C:\WINDOWS\system32\Office.exe.

I have cleaned this infection every time I turn on the pc but it is still there. I have run Malwarebytes and SuperAntispy and both came back clean. Any suggestions as to what I should do?

Thanks in Advance!

A:Backdoor:Win32/Rbot.gen!A

From what I have gathered this is the Lovgate Worm or Trojan.MancSyn-B.
Each opens a backdoor and should be removed. I would boot into Safe Mode by tapping F8 upon restarting the machine. Once in Safe Mode, I would end the process office.exe if it is running and run an antivirus program. I would also suggest you run your anti-malware software as well. One good measure to do before the scan is to turn off System Restore, as many viruses like to hide there because most antivirus software cannot access those files. Try this and post back.


How hard is this to remove? What should I use?
 

A:Backdoor.Win32.Rbot.gen


Hi,
I'm new here and I'd like to know how I can remove this backdoor, because I'm trying to remove it with my Ad-Aware. Ad-Aware is finding the file but can't remove it. I'm a gamer; my ping is jumping and my internet goes offline whenever it wants. This virus is making a lot of problems, so I need your help, guys!
EDIT: The name of the virus is Win32.Backdoor.RBot
Thank you :)

A:Win32.Backdoor.RBot

Go ahead and complete the steps in the link below and post the requested information in the HijackThis Forum. They can help you remove it.

IMPORTANT - Read This Before Posting For Malware Removal Help

Read other 2 answers

Hello all, I'm new to these forums. Can anyone help me? Every time I log on, ZoneAlarm security suite picks up

Backdoor.Win32.Rbot.coz & Trojan.BAT.Regger.b

I've scanned using ADAWARE7, SPYBOT & ZONEALARM they remove them but still pop up in zonealarm when logging in.
I've deleted all quarantined items. I cannot get rid of these.

Backdoor.Win32.Rbot.coz & Trojan.BAT.Regger.b

Any help would be gratefully appreciated, kind regards.
 

A:I need help. Please Backdoor.Win32.Rbot.coz

Closing duplicate.

Please continue here:

http://forums.techguy.org/security/594127-help-needed-i-have-virus.html
 

Read other 1 answers

Hi, I need your expertise again. Whilst running AVG Anti-Spyware, 4 objects were found. 3 were tracking cookies and 1 was a virus called Backdoor.Rbot.Gep virus.

From the scan, it's obviously come from a torrent download, so I guess I'll stay away from those now.

I will attach the scan log along with a HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 2:31:36 PM, on 11/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Diskeeper Corporation\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messen... Read more

A:Backdoor Rbot Gep Virus?

Read other 9 answers

I've followed every step in 3 tutorials on how to remove spyware but there are still files that just cannot be deleted. I did scans both in safe mode and normal mode, downloaded and used ewido, spydoctor, spybot, ad-aware se, avg, cleanup, sting260, cwshredder, and an l2mremover. Every time I scan using spybot, I get these cmd services (command services) registry entries which refuse to be deleted after spybot requests a reboot in order to fix those files. Only 1 or 2 cmd keys get successfully deleted. There's always 1 or 2 left/uncleanable no matter how many times I reboot (safe or normal mode).

A couple of days ago, I used spy doctor to scan my files. But since it doesn't really fix problems, I decided to uninstall it. After using every system scan known to man, spy doctor still tells me that my pc still has the following:

Backdoor.Rbot.Gen
Deskwizz
I-Search Desktop Search Toolbar
Winsys Hijacker (Trojan-Clicker.Win32.VB.kc, Trojan.Win32.StartPage.ahg)
Dollarrevenue
Network Monitor (Command [Webroot])
VX2.Look2Me (Adware/Look2Me [Panda], Trojan-Downloader.Win32.Agent.jt [Kaspersky])

The other programs I downloaded don't show these results at all, though. Anyway, I went through each step again in this forum's tutorial. The cmd keys are still there and refuse to be deleted. (teatimer off, tried it with the teatimer on, same bleep.)

Please please please help me fix this thing once and for all. Can somebody analyze my hijack this log for me?

Logfile of HijackThis v1.99.1
Scan saved at 4:... Read more

A:Cmd Services; Backdoor.rbot.gen, Etc.

Welcome..

Please download delcmdservice (by Marckie), and save it to your Desktop.
Unzip the content to your Desktop (a folder named delcmdservice)
Double-click on the delcmdservice folder
Double-click on delreg.bat to launch the tool
When the tool has finished, please reboot your computer.

==

Now, run a scan with HijackThis and check these objects for removal if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Close HijackThis.

==

Post back with a fresh log and let me know if you're still having problems.

Read other 13 answers

Guys please help me remove BackDoor.Rbot!ct. I have run HijackThis. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:17 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program ... Read more

A:Pls. help remove Backdoor.Rbot!ct

Anybody who can help me please? I don't know how to interpret this log and which one to delete. Please, please????
 

Read other 1 answers

Ewido and McAfee have both detected this trojan in
C:\windows\system32\p2pnetworking.exe

Mcafee was unable to delete it, and when I delete it with Ewido it comes back when I reboot. Also, Ewido found the file system32\__delete_on__reboot_p2pnetworking.exe and this appears to have been deleted finally.

The computer does not run any filesharing programs, but is on a network with a mac that does. How can I get this thing off my computer? Thanks in advance for your help!

Logfile of HijackThis v1.99.1
Scan saved at 11:57:04 AM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.c... Read more

Read other answers

Hi Guys

Just to let you know in advance that I appreciate the help.

Here's my problem.

My operating system is Windows XP

Zonealarm keeps popping up with the message Backdoor.Win32.Rbot.jrr

As far as I can tell it keeps producing files with the extension SCR.

I have run Zonealarm, Adaware, Spybot - Search and Destroy and none of them can get rid of it for me. I use Firefox rather than IE for the most part.

I have run DSS but unfortunately it crashes before it finishes every time.

However the Panda log follows

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-06 21:45:19
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ZoneAlarm Security Suite Antivirus 7.0.470.000 Yes Yes
;===============================================================================================================================================... Read more

A:constant pop ups - Backdoor.Win32.Rbot.jrr

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

=================================


Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.

Please visit this w... Read more

Read other 16 answers

Hello. I recently scanned my computer with Avast, Spybot S&D, and Ad-aware. Avast and Spybot found nothing but Adaware found win32.backdoor.rbot (with a TAI of 10). I used Ad-aware to delete it, restarted and ran another scan and it found nothing. I also downloaded the rbot tool from F-secure and it didn't find anything (after Adaware had removed it).

However, from reading old threads on this site, it seems like that may not be enough. In a similar situation, it was recommended that the poster download and run the rdrivrem tool and Ewido. I tried downloading rdrivrem.zip (to be proactive and solve this myself) but Avast said it contained "Win32:Trojan-gen {Other}" and stopped the connection and so I was unsure if that was the correct download location.

One other note, I went through the system startup list in Spybot Tools, and one HK_LM entry was blank and Paul Collins list describes it (among other potential ways) as: "Note - this is not the legitimate _svchost.exe_ process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field"

So at this point I am attaching a log from HJT2.0.2 and hope someone can help me ensure I have removed the trojan/IRC worm especially as that relates to the registry.
 

Read other answers

Hi. None of the programmes (McAfee Stinger, Bit Defender, Norton, Spybot etc) except Ad-aware has found any problems at all but every time I restart my computer the programme b.exe says it's having problems and a hidden folder named "_" is installed in my "My Downloads" folder. I've searched for b.exe and deleted it several times, as well as deleting the "_" hidden folder that repeatedly appears but they seem to be reinstalled repeatedly. Ad-Aware finds the critical errors (win32.backdoor.rbot) and fixes them but they return every time I reboot.

Also, I can't open the Task Manager or run regedit.

Here's what the HijackThis log said:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:55 PM, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP ... Read more

A:Win32.backdoor.rbot Keeps Returning

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Download KillBox and unzip it to your desktop.
Open Killbox and select the Delete on reboot option.
Copy and paste the following file to the field labeled "Full path of file to delete"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe

Press the Delete button (the button that looks like a red circle with a white X in it).
A first dialog box will ask if you want to delete the file on reboot, press the YES button.
A second dialog box will ask you if you want to REBOOT now. Press the YES button.
Your computer will reboot.

============

I need to see a different type of log from HijackThis.
Run HijackThis. Click on "Open the Misc Tools section". Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your next reply.

Read other 7 answers

I have a Backdoor.Rbot.aveq though sometimes it's Backdoor.Rbot.awi
Vba32 keeps picking it up and deleting it, but I feel it's linked to the temp folder or something because every time I try to install anything Vba32 tells me
"C:\Users\admin\AppData\Local\Temp\CR_04BFF.tmp\setup.exe" contains virus Backdoor.Rbot.aveq.
Vba32 deletes it, but every single time I try to install something I get it.
It has been stalling my Vba32 start up as well, so much so I have to keep restarting it.

Please Help!!
I think I got it from an email that was downloaded into my IMAP folder on my computer.
I use this computer for everything!!

I'm on Vista64

thank you

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This is a new Thread of the same problem, here are ALL the logs thus far:

My DDS text:
++++++++++++++++++++++++++
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_30
Run by admin at 13:35:55 on 2013-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.6134.3143 [GMT 11:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\S... Read more

A:Can't get rid of Backdoor.Rbot.aveq MARK II

+++++++++++++++++++++
Hi CatByte
Here's the log below.
Thanks


ComboFix 13-02-07.02 - admin 11/02/2013 6:51.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.6134.4646 [GMT 11:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))
.
.
2013-02-05 21:03 . 2013-02-05 21:03 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-02-05 21:03 . 2013-02-05 21:03 2850200 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2013-02-05 21:03 . 2013-02-05 21:03 193168 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-02-05 21:03 . 2013-02-05 21:03 142744 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2013-02-05 21:03 . 2013-02-05 21:03 115608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-02-05 21:03 . 2013-02-05 21:03 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-02-05 21:03 . 2013-02-05 21:03 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-02-05 21:03 . 2013-02-05 21:03 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-02-05 21:03 ... Read more

Read other 5 answers

This Trojan(?) was found when I ran A-Square, free version, tonight. This is on my WinXP SP2 PC. This was the message I saw:

C:\System Volume Information\_restore{3F57B533-5DD0-4911-9C82-E8EE1FAD6B3A}\RP850\A0296789.exe detected: Backdoor.Win32.Rbot.kkd
C:\System Volume Information\_restore{3F57B533-5DD0-4911-9C82-E8EE1FAD6B3A}\RP852\A0296836.exe detected: Backdoor.Win32.Rbot.kkd
Is there a way to identify which of the several Restore Points these two entries can be found? If not, then I will just delete all Restore Points and start over with a fresh one. Don't know what else to do but I do hate losing those points if, in the event, I should need either of them.
Of course, I did quarantine the Trojans. Any suggestion? And as usual, TIA,
 

A:Solved: Backdoor.Win32.Rbot.kkd

From another BB, I was helped this way:
You can simply navigate to System Volume Information folder, and delete following entry:
{3F57B533-5DD0-4911-9C82-E8EE1FAD6B3A}
Make sure, system files are visible.
 

Read other 1 answers

I keep getting a Runtime library error on a game I have been playing and on reading some posts I did a scan which showed that I have 2 trojans on my computer, Backdoor Rbot ELB and Warez P2P. I have copied a hijack this log before and would be extremely grateful if you can have a look at this for me.
thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:42, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\P... Read more

Read other answers

Hi peeps....i've got a problem getting rid of some malware, Win32.Backdoor.RBot...i use Ad Aware 2007 which has picked up the problem but it can't seem to delete the file...it says it will be removed upon reboot and as i reboot i can see it's trying to do something with it but when fully booted up the file is still there. It's on my D drive which i use solely for my music so no programs installs etc so no idea how it got there. It's not a file i can navigate to and just delete either so bit stuck on how to get rid of it....any ideas?!!

Below are my DSS results from the main.txt file and attached is the extra.txt file...

cheers

Deckard's System Scanner v20071014.68
Run by James Purnell on 2008-05-24 12:50:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2008-05-24 11:50:10 UTC - RP466 - Deckard's System Scanner Restore Point
33: 2008-05-23 19:08:54 UTC - RP465 - System Checkpoint
32: 2008-05-22 19:07:17 UTC - RP464 - Spybot-S&D Spyware removal
31: 2008-05-20 15:26:33 UTC - RP463 - System Checkpoint
30: 2008-05-19 01:09:37 UTC - RP462 - System Checkpoint


-- First Restore Point --
1: 2008-04-02 17:16:46 UTC - RP433 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Driv... Read more

Read other answers

Hi all,

Just did a scan using AVG Anti spyware and found the above threat. How to clear it totally? I have been getting screen freezes recently and after 20 seconds or so, the screen returns to normal. Can anyone help me? A million thanks in advance. Below is my HJ log:

Logfile of HijackThis v1.99.1
Scan saved at 11:27:00 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32... Read more

A:Solved: Backdoor.rbot.crm detected! Help needed:(

Read other 9 answers

I got a Trojan program Backdoor.Win32.Rbot.eib on my computer.
Please help me remove it.
thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:13:31, on 2007-10-23
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\TpShocks.exe
C:\Program Files\Diskeeper Corp... Read more

Read other answers

Hi, can anybody help with the removal of virus Win32/NSAnti and trojan BackDoor.RBot.KB? My AVG keeps giving warnings of both. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:04 PM, on 9/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MATLAB704\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TELKOMSELFlash\TELKOMSELFlash.exe
C:\PROGRA~1\Yahoo!\... Read more

Read other answers

deleted: Trojan program Backdoor.Win32.Rbot.ied File: C:\WINDOWS\system32\msconf.exe
I ran my Kaspersky yesterday and it found that a file msconf.exe was infected or was a trojan (Trojan program Backdoor.Win32.Rbot.ied). It couldn't disinfect it so it had to reboot and then delete it. It was up in my registry as well, so I started in safe mode and deleted all that had to do with msconf.exe, as well as booted into my second drive so as to disinfect my drive without having to run any processes at all. Well, the next day it came back; obviously I missed it somewhere. I think I got it now but I won't know till tomorrow, but I have been experiencing lags and my browser stalling etc.

My question is, is this a serious worm? I have read up on this win32.rbot but all the articles have a different .end to them; none I have found to be the .ied like mine. They say that this is malware but has worm-like tendencies? So what, it will change its .name if you delete, or what? Will it start to corrupt files? Basically what I'm asking is: is it worth trying to disinfect or could I just save my files and reformat? I forgot to save the HijackThis file so I can't show you that, but it's not appearing on the scan now.
 

Read other answers

I'm using Windows XP SP2.

For the last 18 months, I have had Nortons IS, ADaware, AVG A-S and Spybot S&D installed and regularly updated. Nortons is the main system providing the firewall etc, running constantly, and automatically updates. I load and scan the others periodically.

Eleven months ago, I had a starware infection which prevented any connection to the web. I purchased Spyware Doctor which needed updating online anyhow but the problem was resolved.

The story is that up until now all five suites have been working happily together with both SWdoctor and Nortons running compatibly. Two days ago, I updated ADaware 2007 online which I do each month and on running its scanner, it found a high level threat: malware win32.backdoor.Rbot infecting swdoctor.exe and one other associated file. The required action was to reboot. During reboot, swdoctor.exe was deleted. This left the remainder of the SWdoctor folder full of orphaned files which I removed. I then reinstalled SWdoctor from the CD I had purchased 11 months ago and ran ADaware again. It found no malware infection. I then ran a smart update on SWdoctor to bring it to the current version and ran ADaware again. Of course ADaware found the malware infections and the action deleted swdoctor.exe on reboot. I went through the process once more and used the other suites like Spybot S&D which didn't find the malware but which had include errors and in the include errors log showed

'trojansc.sbi and Zlob.DNSchan... Read more

A:Is there Jealousy between security software suites? Win32.backdoor.Rbot

18-Jan-2006
 

Read other 3 answers

I believe my browser has been hijacked. My settings are being automatically changed without my input. When my PC locks up and freezes, occasionally web sites that I have previously visited appear. Each day upon START-UP of my computer a new .DLL error occurs. I use Mozilla Firefox as my primary browser. Below is a listing of some of the RUNDLL errors I receive daily.

RUNDLL
error loading C:\windows\nnmmnk.dll
specified module could not be found
error loading C:\windows\system32\licapi.dll
access is denied
error loading C:\windows\system32\comnst.dll
access is denied
error loading C:\windows\system32\psdll.dll
access is denied
error loading C:\windows\system32\empcfg.dll
access is denied
error loading C:\windows\system32\ATIDelp.dll
access is denied
error loading C:\windows\system32\booteds.dll
access is denied
error loading C:\windows\system32\ativhci.dll
access is denied
error loading C:\windows\system32\ctl3d8.dll
access is denied
error loading C:\windows\system32\INKock.dll
access is denied
error loading C:\windows\system32\c_1onv.dll
access is denied
error loading C:\windows\system32\dhccmd.dll
access is denied
error loading C:\windows\system32\kbchdi.dll
access is denied
error loading C:\windows\system32\anscnv.dll
access is denied
error loading C:\windows\system32\auturs.dll
ac... Read more

A:Virtumundo Infection/errorprotector.com Ad Popup/backdoor.win32.rbot.aeu Infection

It appears my ComboFix Log was cut off. Here is the latter part of it.

Part II of cutoff ComboFix log:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCAutoLiveUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystemTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared to... Read more


Mod EDIT: Moved to proper forum ~ Virus, Trojan, Spyware, and Malware Removal Logs

Hi.
I got infected by a backdoor malware, and don't really know how to remove it. I saw some process you did with others helping them to remove so I installed the Hijackthis and got the following details.
Hope you can assist. Thank you.
here are the details:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:58:28, on 02/12/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Users\MONA\AppData\Local\Temp\liwyfg.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\...

A:HELP!! How to remove backdoor trojan win32/rbot.gen and win32/harnig

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


My @ key is not with the no 2 I have to press the " to get it to work
"


I don't know how to remove post when I am on android


i guess i'm newer than i thought i was......a friend gave me a new monitor that is larger than my old one....so i have a lot of black screen ......wish i could fix this...if someone could help or redirect me, i would appreciate it....thank you
 

A:may be in the wrong place

The monitor you have now, as the old monitor you had, should have some buttons or knobs on the front of it. These are used to resize the image, adjust its position etc. Try them out looking for the obvious such as a knob with an image that looks like it will stretch it etc. Also, you might want to adjust your settings to a different resolution. For example: 800X600, 1024X768 etc. To do that, just right click on an empty space on your desktop, select PROPERTIES, then left click on SETTINGS, then move the slider under SCREEN AREA. Hope this helps, T.
 


but I need some help and I am sure you have all heard it.
The thing is
I can't log into yahoo mail but can go into everything else
can't go to gmail, bravenet.com or angelfire.com where my site is hosted. I worked on the site for 4 to 6 hours and now I can't check or do anything.

here is my log

thank you for taking the time to read this

Lauren





Logfile of HijackThis v1.99.1
Scan saved at 16:56:36, on 21-Aug-2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Windows\V0250Mon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\drivers\setup\manager.exe
C:\Users\Lauren\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\drivers\setup\urlmon\urlmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\Lauren\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\M...


Hi all...I was goofing off on the internet today...went to my bookmarks and clicked on youtube....and it would not load! the loading bar was just 'going real fast' and never completely loading- just going real fast. Fearing it was some sort of virus or crash on their behalf I closed it and came here to ask if anything like this has happened before. you tell me please? I am also told by this site that I can receive emails and comments through email so I will hope your answer comes thru my email thanks! Moondiver

A:probably the wrong place to...

Hi,

Welcome to TSF!!

If you think that you have a virus, follow these instructions and the folk in that forum will help you out.

Cheers!


Hello Tech Support people!

My computer has been seriously sluggish. This shouldn't be so, as my husband just installed an extra 300GB hard drive.
I am posting my HT log. Any help would be appreciated!
Thanks! shell63
Logfile of HijackThis v1.99.1
Scan saved at 3:24:25 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files...

A:I think I posted in the wrong place~ Help, PLease?

Please continue here: http://forums.techguy.org/security/493221-help-please-hjt-log-attached.html

Thread closed.
 


My download keeps going to the File Explorer. I need it on the desktop. What do I need to do? Could someone help me please.

Thanks.


Okay, I've checked everything I know how to, but cannot figure this out- I'm only putting this here because what I'm hearing comes from the sub of my Logitech z-5500d setup.

Often, when I plug in a USB cable, or touch anything metal to my case, I hear a "click" out of the woofer. I also hear it when I switch speeds on my ceiling fan.
Or when the washing machine switches from wash to spin. (The fan only does it switching from "hi" to "medium," not from med to slow.)

Multimeter shows no faults anywhere on/in the case. Any electricians out there?
 

A:What the ??? Short? Wrong place?

I had a subwoofer on my home stereo once that would pick up CB radio gibberish from time to time. When the AC would kick on in the house in the summer I would hear a pop from the sub, etc. etc......turns out the AC plug in the wall was not grounded. At least that is what fixed my problem...
 


OK i haven't actually got one yet but am thinking about getting one. How do i know which one to buy and does it mean i have to replace everything including the extra ram i recently added?

Here is the info on my computer

I MEDIA 5055
Window XP Home Edition

Columbia GX (GA-8SIML) Ver 1.0 µATX motherboard
Name: Columbia GX (GA-8SIML) Ver 1.0
Type: µATX motherboard
Manufacturer: Gigabyte

If you need any other info just let me know
 

A:New Motherboard (Sorry if in wrong place)

What's your goal in replacing the motherboard?

Since you have an older system you would need to upgrade nearly everything if you are looking to get a more modern system. Selling your existing system and buying/building a new one would be the smart move.
 


if the mods would kindly move this post into the correct forum, as i'm unable to post there myself!!

up until today my pc has been working fine, but i have had a few virii detected by AVG that it said it had healed. now i can't browse any web pages to do with virii or anything remotely linked to it as my web browser closes down totally, this is if i use IE, firefox or opera, for instance i can't open the hijack this log forum as my window just shuts down!!

if i try open AVG it gets as far as the grisoft opening page then shuts down before i can do anything, same with system restore, if i click that it tells me it has been switched off through group policy and to contact administrator, for which i have administrator rights on this pc.

i can open every window from control panel, except administrative tools, if i try it just shuts the window down totally, this even happens if i boot up into safe mode, nothing that i know of will help, but then i'm not a pc whizz-kid!!

please help me, i have posted a hijack this log, hopefully someone can stop me throwing my pc out the window in frustration!!

thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 00:08:51, on 17/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Syste...

A:please read even tho i know its in the wrong place!!

To get help faster it would be best to place your thread in the proper forum. For this question it should be placed in the HiJackThis Log Help Forum. :)


I got broadband last week and we're only allowed 2GB monthly usage limit (hehe, well it is cheap). I was wondering if streaming videos counts towards this, like does it take up disk space? And is there any chance of viruses? Thanks, pretty random, but I'd like to know.

A:ok this is probably the wrong place, but...youtube

Hi...

Yes that will count towards your 2GB monthly allowance...everything you get from the internet will count (emails, webpages, videos, music etc).

It does take up disk space but once you clear your temporary internet files, that will solve the problem.

As with the risks of internet use, there is a chance of picking up spyware/viruses by downloading content....but the chances are far less with reputable sites.

Hope that helps :)
