
Infected with Trojan horse generic11,Worm/Downadup,Win32/Virut,Win32/Cryptor

Q: Infected with Trojan horse generic11,Worm/Downadup,Win32/Virut,Win32/Cryptor

Hi guys, need some urgent help... I have AVG 8.5.427 free edition installed on my system, wherein the operating system is Windows XP Professional... I ran a scan on my system and the scan reported Trojan Horse Generic11.ATHC and the resident shield log reported the remaining viruses (Worm/Downadup, Win32/Virut, Win32/Cryptor). I deleted the corresponding folders but still the system is very slow. It would be of immense help if anybody could provide expert advice on this matter. I am providing the HijackThis log herewith.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:32 PM, on 12/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Avinash\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Internet Download Manager\IDMIECC.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - E:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - E:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - E:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FDF3260-1F22-4B74-9DE4-3F1525381EBC}: NameServer = 218.248.240.181 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{84504A16-B874-40F8-A8C4-48157EFC8901}: NameServer = 192.168.0.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{7FDF3260-1F22-4B74-9DE4-3F1525381EBC}: NameServer = 218.248.240.181 208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 5294 bytes

I am also attaching the same log below in case it is required... Thanks in advance


A: Infected with Trojan horse generic11,Worm/Downadup,Win32/Virut,Win32/Cryptor

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.


Hello,

My computer became infected last night, and it's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on DVD, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.

The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.

The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.

I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since Windows now thinks I have no anti-virus installed.

All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.

EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we...

A: Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.

I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and especially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?

Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.

Other than running Windows Defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.

Does no one have any ideas???


Hi,

I'm trying to fix my sister's computer which has/had lots of viruses on it (eg braviax). I've got so far, but would really appreciate some help!

She runs Windows XP version 5.1 service pack 2

It is running very slowly and this message pops ups:
NT Authority system shut down status code 1073741819
c:\window\system32\services.exe
There is a 60 second countdown, but after this the computer doesn't actually shut down. However access to programs is limited, the system freezes/runs very slowly and cannot access the internet.

The PC has AVG 8.5 and I have managed to run Spybot Search & Destroy and Malwarebytes which have all found and cleaned different trojans.

I researched the message and found the Sasser worm gave a similar error, so I downloaded the Windows Malicious Software tool and ran it.

It found one infection: VirTool:WinNT/CutWail.L but could only partially remove it. However, the PC would not reboot after this in either safe or normal mode - the only option was to 'Restore to last known configuration' when the NT authority message instantly popped up again (it also appeared in safe mode with networking).

AVG also warned of Trojan horse Backdoor.Generic11.AKSH detected on C:\windows\system32\drivers\ntfs.sys

But could not remove it.

The file's properties showed an extra user: [S-1-5-21-789336058-527237240-725345543-500].

I tried to run combofix in normal mode but it just hung (and I later discovered a bug.txt file...

A: Trojan.Win32.C4DLMedia.b, Backdoor.Generic11.AKSH, CutWail.L and possibly Virut

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks


I don't know how to remove them, our computer automatically shuts down sometimes.

DDS (Ver_09-09-29.01) - NTFSx86
Run by user at 20:03:13.70 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.192 [GMT 8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\Application Data\Transcend\JFSW2\JFSW2Launch.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\inte...

A: Infected with Win32/Heur, Adware Toolbar.GP, Trojan Horse, Worm

Hello my name is Sempai and welcome to Bleeping Computer.

* We apologize for the delay. Forums have been busy.
* I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.
* It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
* You must reply within 5 days otherwise this topic will be closed.

Your log will be analyzed and you will be instructed on what to do next as soon as possible.


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 18:35:48
Records in database: 1424124

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 94300
Threat name 4
Infected objects 4
Suspicious objects 0
Duration of the scan 02:45:29

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1
C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1

The selected area was scanned.
--------------------
Logfile of random's system information tool 1.04 (written by random/random...

A: Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scr...


Hi all,

I'm desperate!!!
Last Friday my PC started doing some very strange things, these being:
Firefox & IE7 - Google links failed to link to the correct page, they linked to what seems completely random pages?
I attempted a system restore but cannot restore to any previous points in time? I'm guessing the virus/malware has removed them?

I have AVG AntiVirus installed and ran a scan the results as follows:

"General properties",""
"Report name","Complete Test"
"Start time","12/01/2009 08:00:02"
"End time","12/01/2009 11:01:45 (total: 3:01:42.5 hrs)"
"Launch method","Scanning launched by scheduler"
"Scanning result","Threats found"
"Report status","Scanning completed successfully"
" ",""
"Object summary",""
"Scanned","371066"
"Threats Found","10"
"Cleaned","1"
"Moved to vault","5"
"Deleted","1"
"Errors","0"
"Boot sector of disk C:","Change","Changed"
"C:\WINDOWS\system32\ntoskrnl.exe","Change","Changed"
"D:\backup 30-01-07\p drive.rar:\DOC1.DOC","Password-protected","Embedded object"
"D:\backup 30-01-07\p drive\DOC1.DOC"...

A: Infected with browser hijacker of some sort (Worm/Autorun & Win32/cryptor - maybe others?)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba...


Hi, my xp pc are infected with all of these and being hijack.
I could not access - 'add-on/remove' at window
my wdw programme is not running properly.
download ComboFix (2) & Malwarebytes exc, but the computer would not let me to run it.
i could not control to the website I wanted and sometimes it's being hijacked to some horrible website.
had download the dds but it now would not let me open and post upload to this forum.
I am novice with computer technology... please kindly advice me what I should do now.
And my IE browser had gone too... I could now only use firefox, before that they both work ok.
I detected all this virus by scan with free AVG 8.5 and my firewall is with free PC tool
Please help...

Hi, any response please.
As Now I lost the control of my wdw, it stop me doing lots of access.
do I really need to re-installed the xp. anyone tell me how to do that.
And would I lost every other pre-factory-installed software eg Nero, I don't have back up disc for that, that means I could not use my dvd re-write or re-open any back up there?
Help please ... Please..
more it would let me go the lots of web site and it limit me resource to find helpful site to remove them.
By the way I think my pc get Vundo B.
I am now so afraid to go on internet now as I worry there's backdoor open for more attack.
I could not delete file now to protect my personal details before I go on internet and I worry if I check my yahoo email account someone would detect my password etc.
It's ...

A: win32/Heur, Win/Virut & Trojan Horse clicker.ADLV

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


hi, my sister received an email from her fellow student mate and thought it was crucial and as soon as she opened the email she started to experience anti malware doctor software pop up saying you have received threats click yes to remove and so on. I've tried to uninstall that program from safe but it comes back again every time I log on to desktop. also my avg 9 is picking up loads of the trojan horse cryptic.apo file in the temp folder but cannot delete it, it says " interupted by user" and keeps multiplying. I can't seem to surf the net on windows explorer it says page unavailable but I can go online with skype and other messengers. the anti malware doctor pops up every now and then. just can't seem to remove the trojans and anti malware doctor software. I've tried anti malwarebyte in safe mode it found few objects but after restarting to desktop the anti malware doctor automatically installed again on the laptop.

----------------------------------
DDS (Ver_10-03-17.01) - NTFSX64
Run by vedika at 1:45:44.03 on 20/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2006.619 [GMT 2:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\...

A: infected with anti malware doctor with trojan horse cryptic.apo and win32/psw.wow.now and win32. fraudpack. bagn

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...


Here is my HiJackThis log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:03 PM, on 2/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AV...

A: Win32/Heur - I-Worm/Nuwar - Win32/Virut

Hi,

I have bad news for you. I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html


hi, kaspersky scan (included at the end) came up with a few infections, please help me with removal

logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Yanai Michael at 2008-12-14 13:16:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (9%) free of 53 GB
Total RAM: 1526 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:16, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\...

A: got Trojan.Win32.Agent.asvc Trojan-GameThief.Win32.Magania.amrr Worm.Win32.AutoRun.trh

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do...


Hi,Please help me in getting rid of the pop ups which keep coming up.trojan downloader win32 agent bqtrojan clicker win32 tiny htrojan spy win32 key logger.aatrojan spy win32 green screentrojan spy html bankfraud.dqHijakThis log file.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:00:40, on 9/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Hewlett-Pac... Read more

A: Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log
Please also post the problems you are having.


I'm on a computer at work and it has the nastiest trojan on it that I've ever encountered. I'm now at my wits' end and I've torn out all my hair trying to remove it. I'll buy dinner for anyone who can truly get rid of this thing (without doing a complete flush-'n-fill, that is). I'm running Windows Vista Home Premium 32-bit and here's what I've found so far:

According to AVG Free, it's called Win32/Cryptor and appears as two files:
C:\Windows\System32\drivers\geyekrdpbrwhbi.sys
C:\Windows\System32\geyekrttiqbeep.dll

Every time I have AVG quarantine the files or forcefully remove them, they reappear immediately. Safe Mode doesn't help. I have to turn off Resident Shield in order to keep using the computer without being bugged every five seconds with AVG's warning.

So I then installed & ran Ad-Aware. It goes through life thinking everything is fine. So does Spybot Search & Destroy.

Searching Google, I try a software that appears to be highly recommended, Malwarebytes' Anti-Malware. Its quick scan sees "Trojan.TDSS" in two places:
As a Memory Module in \\?\globalroot\systemroot\System32\geyekrttiqbeep.dll
As a File in the same location and with the same filename.

Strange how MBAM doesn't detect the .SYS file that AVG detected earlier. Anyway, it claims to remove them and reboot, but they reappear. Same thing during Safe Mode.

Tried HiJackThis 2.0.2. The only thing it sees as bad is a servic...

A: Infected with Win32/Cryptor or Trojan.TDSS

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
Run SysProt >> Click on the Log tab
Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
Hit the Create Log button
When it asked for scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
Let it scan until finish
Find the log.txt inside the SysProt folder and attach the log here.


Following the post to create a new topic, I have pasted below the DDS.txt and will hold onto attach.txt until it is requested.

The file names with infections seem to have a common base but different infections are reported.

Free AVG 8.5 reports Win32/Cryptor as about 100 infections with about 50 instances of
"\\?\globalroot\systemroot\system32\geyekrtcmcjpyx.dll" ---"Virus identified Win32/Cryptor" ---"Infected"
and for the remaining infections it reports various executables also identifying them as Win32/Cryptor.

Malwarebytes Anti-Malware reports as 2 infections:

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrtcmcjpyx.dll (Trojan.TDSS) -> No action taken.

Files Infected:
\\?\globalroot\systemroot\system32\geyekrtcmcjpyx.dll (Trojan.TDSS) -> No action taken.

Thanks!

Sergio
DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 16:58:29.87 on Sun 07/26/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1764 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Anti-virus Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ========...

A: Infected with Win32/Cryptor & Trojan.DTSS

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
Run SysProt >> Click on the Log tab
Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
Hit the Create Log button
When it asked for scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
Let it scan until finish
Find the log.txt inside the SysProt folder and attach the log here.


PC is unreliable since infection with Win32/cryptor and vundo. AVG is able to identify the problem but asks for a re-boot to complete the removal process. After re-boot, the infections remain on the system. Have followed your preparation guide for this submission but was unable to perform a successful run of RootRepeal - I think cryptor recognizes it and makes it unreachable i.e. it tells me that I do not have permission to perform anything e.g. Run, Delete etc. Many thanks for any help you can provide.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)
==== Disk Partitions =========================
==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
ActiveSpeed
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.7
Adobe SVG Viewer 3.0
AVG Free 9.0
BT Voyager Wireless Utility
BT Yahoo! Applications
CA Yahoo! Anti-Spy (remove only)
Coupon Printer
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo AIO Printer 924
ecardscreensaver
Garmin City Navigator Europe NT 2010 Update
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
H...

A: Infected with Win32/cryptor virus and vundo trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions...


Hi guys, recently i downloaded an .exe game which had malware on it. As soon as i ran the program i was bombarded with warning/notices saying i have the win32/heur, win32/virut and many other trojans. I closed all programs and immediately ran avg 8.5 scan. It detected 276 infected files. It healed many files but 46 weren't healed. These were either win32/heur or win32/virut. The next day i installed malwarebytes anti malware and spybot search and destroy. I ran both these scans AND the avg scan. They all detected different threats and were removed but win32/heur and virut remain. I rebooted my pc and avg did an automatic scan before i got to the desktop. Meaning i didn't get to my desktop yet avg was running a scan. When i was able to go into my desktop the taskbar and desktop icons were missing. I was only able to use my pc via taskmanager. Now i still have the 46 infected files which can't be removed and my taskbar and desktop icons were gone. I tried to run explorer.exe but it didn't work because "system cannot locate file" please help!!

The 46 infected files are windows32 files. Probably registry files so it can't be removed. I have winxp and avg 8.5. +malwarebytes and spybot

A: Hardest problem - Computer infected with Win32/heur and win32/virut

Hi,

I would like to first confirm if you do in fact, have virut.

Please do the following:
Make sure to use Internet Explorer for this
Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\userinit.exe

Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe


NEXT


We would be grateful if you could assist us in our research into this infection by providing us with some samples and information from your machine. This will only take a minute or two to complete, and is very simple. If you wish to help us, please do the following:
Download VAPrep.bat and save it to your Desktop.
Double-click VAPrep.bat to run it. It will only take a moment to complete.
When done, please right-click the VAPrep folder which should now be on your Desktop. Select Send To >> Compressed (zipped) Folder.
Next, please go to this webpage.
Browse to the VAPrep.zip zipped folder you just created.
Click Send File.
Once d...


please help me....idk what to do....i've removed a lot of other things that were on here but my nod32 didnt detect the following infections.....what can i do next to get rid of all this stuff? and i also have a file called fdccffbffbd.dll that keeps showing up...and i cant delete it....thank you..........and happy thanksgiving

*KASPERSKY ONLINE SCANNER 7 REPORT*
Wednesday, November 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3(build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 26, 2008 09:59:47
Records in database: 1418243

*Scan settings*
Scan using the following database extended
Scan archives yes
Scan mail databases yes

*Scan area* My Computer
A:\
C:\
D:\

*Scan statistics*
Files scanned 101537
Threat name 5
Infected objects 14
Suspicious objects 0
Duration of the scan 03:13:31

*File name* *Threat name* *Threats count*
C:\RECYCLER\S-1-5-21-1951078608-3892172462-226310285-2436\service.exe Infected: Trojan.Win32.Inject.klc 1
C:\WINDOWS\E9799D51180EBCF428C0E71E5EC4E.exe Infected:Trojan.Win32.Qhost.kng 1
C:\WINDOWS\system32\217a4f513bda8c39391806b701df2f85.TMP Infected:Worm.Win32.AutoRun.sqi 1
C:\WINDOWS\system32\2efb3b0a17c581a7bec8fd94826f0358.TMP Infected:Worm.Win32.AutoRun.sqi 1
C:\WINDOWS\system32\76690fc87fd1453bc483de47389e1230.TMP Infected:Worm.Win32.AutoRun.sqi 1
C:\WINDOWS\system32\979e69aafdc832e6...

A: Worm.Win32.AutoRun.sqi, Trojan.Win32.Inject.klc, Trojan.Win32.Monder.zfd

bump


Hi, here is my problem. Every time I download some movies or other things by opening my computer overnight, it must pop out an error window said:-
C:\Documents and setting\KkianN\Desktop is not accessible.
Not enough quota is available to process this command.
The icons only left on my screen were My computer, my network places and Internet explorer. When I refresh my computer, it came out the same message again. (this problem was occurred when I opened my computer overnight by using Thunder5 this software to download things)
When I tried to shut down, a message said You do not have permission to shut down this computer.
When I tried to use windows task manager to shut down, once i click Ctrl+Alt+Del, an application error message came out said:-
This application failed to initialize properly(0xc000012d). Click on OK to terminate the application.
Then I just can reset my computer.
Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there.
Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately, i can't finish all the steps there. For step 4, I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning by using spybot, it stuck while scanning.
After that suddenly pop out a window said:-
Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr...

A: Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.


ok man. now lets get ready to kick these unwanted ***** out of my comp.

BEFORE u read on, please pardon my emotional language.... ( including some strong language). im trying my best not to be emotional...

i am providing as much information as possible. so please help me.... thanks in advance!

_______________________________________________________

DAMN! after i downloaded a keygen, i got a damn trojan.... man that sux. shouldnt have done it....

now i really dunno WAT to do with the trojan in my comp now.

SYMPTOMS
1. i cannot open some programs like mIRC ( very safe. no virus etc )

However, i still can do the following
1. surf the web ( to seek help here!!! )
2. use virus scanners and such
3. boot up normally

_________________________________________________________

here is my hijackTHIS! log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:12:23 AM, on 9/3/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explor...

A: Virus.Win32.Virut + Trojan.Win32.Agent.bck

Another solution i tried

i was recommended by some guy from another forum to try the free kaspersky online scanner. so here are the results
WARNING! below is a very very long scan log of a whopping 749 files infected. its so long, that i have to post it in 2 posts. the log originally had 63374 characters. but only 30000 characters are allowed.

Sunday, September 02, 2007 9:04:59 AM
Operating System: Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/09/2007
Kaspersky Anti-Virus database records: 402384
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Andrew\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 13660
Number of viruses found 7
Number of infected objects 749
Number of suspicious objects 0
Duration of the scan process 00:16:43

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\pft74~tmp\Reader\AcroRd32.exe Infected: Virus.Win32.Virut.n skipped

C:\WINDOWS\system32...


80 gig Asus Laptop Harddrive (C) infected, nothing important on it.
120 Western Digital Passport External Harddrive (E) infected 3 semesters of unbacked up architecture work
1 gig San disk USB key (f/g) infected, nothing important on it.

I have a question: Normally the Win32:Virut doesn't infect files like jpegs and stuff so are my photos and architecture work pdfs/jpegs/photoshop free from infection?

Problem is that San disk USB key has a U3 program that after reformatting key the U3 exe is still there and thus I believe to be infected still.

Likewise the WD Passport has a WD Sync and Google search exe's that are infected and i'm afraid will reinfect my computer if i try to hook up and get my photos off.

I have the Hijackthis log and also an AVG Win32:Virut Remover Log. The AVG Log is really long and also the virus has now infected the AVG Remover exe as well LOL.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:12:26 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svch...


My avg and avast has picked up these trojans trojan horse bho.eiz , trojan horse vund.t and win31/heur. I have tried the panda site but it wouldn't scan for me so then I came to this site to see if someone could help me. I have followed all the steps on the preparation page. When I did step 5 it didn't find anything and wouldn't let me copy a log to paste to you.

MAIN.TXT
Deckard's System Scanner v20071014.68
Run by AuSSie` on 2008-06-15 07:48:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
11: 2008-06-14 16:17:42 UTC - RP145 - Windows Update
10: 2008-06-14 09:57:20 UTC - RP144 - Windows Update
9: 2008-06-14 09:43:37 UTC - RP143 - Restore Operation
8: 2008-06-14 09:31:30 UTC - RP142 - Restore Operation
7: 2008-06-14 06:26:17 UTC - RP141 - Windows Update
-- First Restore Point --
1: 2008-06-10 06:01:26 UTC - RP134 - Scheduled Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as AuSSie`.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:34 AM, on 15/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL&#...

A: Infected With Trojan Horse Bho.eiz Trojan Horse Vundo.t Win32/heur

Hi

First ... you should NOT be running 2 anti-virus programs, they will conflict ... choose between AVG8 & Avast ... keep one & uninstall the other ...

Second ... with the malware showing in your log, I find it hard to believe that the Kaspersky Online Scan found nothing if set to scan My Computer ... If it was not set to scan My Computer, please run it again...

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam

EDIT ... What are th...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:28, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spooIsv.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\dc.exe
C:\WINDOWS\SVIQ.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C...

A: I Think I Am Infected With Win32/virut & Win32.hll Hjt Log

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ashzoomerintrack

My name is Richie and i'll be helping you to fix your problems.

It appears you've no virus protection installed, which is somewhat suicidal.

Please download/install Avira AntiVir Personal Edition Classic[Free]: http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart, open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed. Click the "Report File" button, then copy and paste the report into your next reply.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop:
Note It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note In case your ...


Hey Everyone Im Pretty New To The Forums But Anywayz So If I Posted In The Wrong Section...

Anywayz

I Got Over 5 Computers Infected With This Injected JS.Virut.X JS.Virut.Y Win32.Virut.X Win32.Virut.Y that is not listed whatsoever on any google pages. its called something completely different with SOPHOS Removal Emogen Or HTML I FRAME.

Avast wont remove it
AVG wont remove it
Outpost security suite pro wont remove it (claims to remove it but then it reappear on scan after restart)
Zonealarm claims to remove but on restart reappears
avast goes into LOOP - both home n pro
DR WEB wont remove.
bit defender wont remove
kaspersky wont remove and kaspersky gets shutdown by it
outpost the virus creates rules to reenable itself in the smart advisor filter as acting as a genuine certificate for the vendor.
its a rootkit so YES i have formatted and reinstall windows, replace hard disk drives, scanned and removed virus etc... and transferred data back and it has taken over the newly formatted system

Malwarebytes with latest update, picks up over 8 threats and removes on restart but reappears when you rescan as it does not remove or does and it regenerates itself injecting the files over and over and it gets worse each time...

YES. SYSTEM RESTORE IS OFF. and all points removed... never enabled...

McAfee Wont Work
Norton Wont Work
Kaspersky Wont Work
Bit Defender Wont Work
avast wont work
avg wont work
hijack this is denied
task manager denied
registry denied
admin denied
if i grand ...

A: ROOTKIT - JS.Virut.X - JS.Virut.Y - Win32.Virut.X - Win32.Virut.Y (Mutant) (BBS)

Hello and welcome. This is a serious and difficult infection to remove. We are best served using the HJT tools. We need to run HJT. Please follow this guide. Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log. Let me know if it went OK!


We have been at this virus for about a week. It's caused the computer to shut off and on continuously, has disabled system restore and windows security center. With the help of Microsoft, we were able to update our computer accordingly but we were unable to completely remove the virus. Every few hours we'll get new stuff showing up on Hijackthis and Malwarebytes. I've used the combofix, but to no avail. System is running okay, and I'm able to access the internet at least. We've been through several programs to include, but not limited to...Spybot, Windows OneCare Live Scanner, a few others..done a few system recoveries. Here are my logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:13 PM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost...

A: Win32:Virut/Win32:trojan-gen/and several others

Hello, kayjunspice.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
log.txt
info.txt


My Avast antivirus recently started detecting a whole host of viruses. I ran a thorough scan of all files and deleted every infected file until the scanner turned up a hit in the operating memory. It then suggested I run a boot sector scan - I did so. Upon rebooting Avast started detecting more viruses. This time I rebooted into Safe Mode and ran the scanner there, deleting everything I found. Apparently one of the files I deleted was important, because after that my computer Blue-Screened during boot-up and I had to do a system restore to a save point from a few days ago (before the virus was contracted). Since then the virus has continued to crop up, and I haven't the foggiest notion of how to get rid of it.

The title is a list of the virus descriptions that my Avast scanner gave me. I ran all the programs the walkthrough on this site instructed me to, but the RootRepeal program crashed and generated an error message and crash report, both attached (error message in .png image format - I took a screenshot of it).

Thanks for your help!

__________________________________________________________________________________
DDS (Ver_09-12-01.01) - NTFSx86
Run by Bryan at 18:56:06.09 on Wed 12/02/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1546 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32&...

A: Infected with js: downloader-FT Win32:Banload-GLR Win32:Malware-gen Win32:Refpron-AW Win32:Rootkit-gen Win32:VB-NWC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


This is my first experience actually having to go to an outside source to deal with a virus or malware issue, so bear with me as I am not the most savvy with running different fixes.
In the process of loading a new codec to play a movie for one of my classes, my computer was over-run with pop-ups and several "Status" programs attempting to install something but failing each time. I am unable to run Task Manager and it seems like the virus begins anew each time I attempt to reboot my computer.
I have tried reading through several similar fixes on this site and although I am sure that others have solved this exact issue, I am unable to by reading where others have succeeded.
So here I am, humbly asking for assistance in an attempt to salvage whatever is left of my classroom computer.
I have run rkill, a temp file remover, exehelper, and even attempted to run GMER and Malwarebytes' Anti-Malware.
I have a log from exehelper if that is of any assistance, but I'm not sure anything else has had any effect whatsoever.
rkill ran as suggested in other posts, but did not seem to have any great effect because nothing else will run successfully.
GMER ran and then my computer rebooted on its own halfway through the scan. Malwarebytes' Anti-Malware installed, but produces an error message and will not run once clicked. The error states that the malware.exe file is missing.
I truly appreciate any and all help offered, and would be happy to produce any other information that may b...

A:Virut, TrojanSMP/LX, worm.win32.NetSky...... I don't really know!

There are a couple of other variables that I think may be pertinent to the problem at hand.
First, I am completely unable to load or run Malwarebytes' Anti-Malware. At first I was unable to even access the web site to download it (I initially downloaded it through my laptop with my thumb drive and onto my computer), but I am not able to (and have since) download it.
The problem remains that when I go to install the program, I get the error message:" Unable to execute file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe CreateProcess failed; code 2. The system cannot find the file specified "

The other major issue I am still having is when I attempt to open any system information like "Add\Remove Programs" I get the error message:" Windows cannot find 'C:\WINDOWS\system32\rundll32.exe' Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search. "

Lastly, I stabilized most of my computer by running TFC and rkill, but I am completely unable to run Anti-Malware.
Let me know if more current logs are needed and I will post them.

Thank You.


Hello, I tried to post earlier. Seems it failed to post. When I see my post is successful, I will post again with steps I've taken to try and resolve this issue.

DDS (Ver_09-03-16.01) - NTFSx86
Run by ED at 22:36:14.04 on Thu 04/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.274 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\ED\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://store.presario.net/scripts/redirectors/presar...

A:worm/agentx win32/virut w32virotb.gen.12

OK, seems it posted this time. I believe I got this/these infections from a bad link on a web page while looking for scrap metal prices. Suddenly got some pop-up messages about spool.exe and svchost.exe errors and text asking to keep blocking. I suspect this was the firewall, not sure, I was in a panic. Selected keep blocking for each. Closed web page. Closed browser. Disconnected from my ISP. Logged off. Removed my USB connect modem from USB port. Restarted computer. I can't remember what happened at restart but realized I had been bitten. Tried a system restore point, bug still there. Tried another system restore point, bug still there.

Being as we recently got this computer, and had little if any needed info stored, I decided to use the Recovery CD that came with the computer. Restored to factory configuration. Installed SP2. Installed AVG. Installed USB Mercury modem in USB port. Installed AT&T communication manager. After reboot, established a connection to the internet. Went to Windows Update for updates, unfortunately they suggested install of SP3. Now I could no longer connect to internet (drivers don't support SP3). Uninstalled SP3 and tried to connect again, still no connection. So I got the restore disk back out and did another factory restore. Installed SP2. Computer rebooted, enabled firewall, did not activate Windows autoupdate, was afraid it would install SP3. Installed AVG anti-virus/anti-spyware, disabled network connections for LAN1,LAN2,1...


I have ESET Smart Security (current version - 5.0.93.10) reporting that a variant of Trojan horse Win32/Gataka.B has infected the files dwm.exe, taskhost.exe and explorer.exe
ESET is unable to remove the infection.

I've tried running Malwarebytes (full scan) and Trend Micro Housecall to remove the infection, but neither could find it.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by User at 15:19:31 on 2012-05-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2038.727 [GMT 2:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Persoonlijke firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows ...

A:Infected with Win32/Gataka.B trojan horse

We need to create an OTL Report
Download OTL to your Desktop
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Check the box that says Scan All Users.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Hi all, new here but very thankful for this resource. It seems like my laptop somehow got the Trojan Horse Win32:Jifas-FB. I have Avast! antivirus software and it blocks it but the Trojan horse keeps attacking and I get pop up after pop up saying that Avast! has blocked an attack. Pic attached is from 39 consecutive popups that come up about every 10 seconds or so.

Help please, I run Windows XP.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:26 AM, on 4/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft...

A:Infected by the Trojan Horse Win32:Jifas-FB

Ok sorry this is a semi-bump but also an update. I stopped getting the Avast! pop ups telling me about a virus attack and I'm wondering if maybe the Trojan Horse went away or maybe it successfully got into the system and now I'm screwed. Help please. Here's an updated Hijack This log. I ran a full system scan on Avast! and it found two items that I moved into the chest. But I'm not sure if I'm completely free of the Trojan Horse.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:59 PM, on 4/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7...


Hi, Can you help?

On startup Avast told me that I had a Trojan horse
I have spent all day trying to get rid of it.
Avast did a scan from boot up and found the Trojan!
The result of the "Boot time scan" are as follows.
C:\documents and settings\owner\local settings\temp\_avast4_\unp 229333151.temp is infected by win32:BHO-KD[trj]
I selected "Move to chest" and the scan reported "Moved to chest" and continued scanning my hard drives.
The scan found a 2nd infection and reported it as follows:-
C:\windows32\cl.DLL\[upx] is infected by win32:BHO-KD [trj]
I selected option 5 "Move to chest"
I got the on screen message, "File is in windows folder, are you sure?"
I selected YES and got the on screen message, Move to Chest ERROR 0x0000022 {access Denied}
I have also worked with 1 spybot, 2 noadawere, 3 a-squered, and 4 spy doctor.
None of them could get rid of the darn trojan.
 


AVG has reported the following infections:
Trojan Horse Generic11.AQFN - several instances
Trojan Horse Generic13.XWV
Trojan Horse Pakes.DIE
Win32/Heur
Win32/Polycrypt

Most applications close after a few minutes unexpectedly. Firefox, Word, AVG User Interface. The AVG User Interface closes but the scanner will keep running in the background. Zone Alarm disappears from the system tray a few minutes after opening. Since my browser won't stay open for more than two minutes at a time I'll be communicating from my other computer using the browser on the Active Disk CD. This computer is also infected but we'll save that for another day. Here is the HijackThis Log. Please let me know what other information you may need.

Thanks in advance,
Chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:49 AM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin...

A:Win32/heur, Win32/Polycrypt, Trojan Horse Pakes.DIE, and generics

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

You'll need to find a way to transfer these programs over to the infected computer to run them and then transfer the logs back so that you can post them here.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.


Here is the history of the problem:

Two days ago using Firefox I entered a google search and a page came up explaining that I most likely had some sort of malware and they were blocking my search due to automated searches coming from my computer. The google page suggested I check with an Adware program. I did use Ad-Aware and it found and removed Win32.Worm.LovGate. However this hasn't appeared to be the end and my firefox has not been running as normal. I am vague on what else has tipped me off as to a continued problem however here are some other things I have noticed:

This website : <http://maplestreetpress.com/book.cfm?book_id=44> redirected itself all day yesterday to another website in turkish I believe.

Again my firefox seems to be running slower than usual, for instance I closed it sometime yesterday to again run Ad-Aware and it took forever to close and I was unable to use Ad-Aware to manually update a virus definition file until I used CNTR-ALT-DEL to end firefox.

I think I perhaps this program I also used after searching my worm came up with a removal software:
<http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/>

While installing my McAfee deleted "Generic PWS.y (Trojan) from c:\documents and settings\...\virus removal tool\is-0CI9R\is-1DDDQ.tmp

I have now downloaded the 8.0 version of Ad-Aware and just run it and it found and got rid of the Win32.Iroffer.1227 worm but the previously mentioned website problem has now just now ...

A:Infected with Win32.Worm.LovGate then Win32.Iroffer.1227

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


Deckard's System Scanner v20071014.68
Run by rad on 2008-05-21 08:51:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 5.2 GiB (less than 15%) free.

-- HijackThis (run as rad.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:58, on 2008-05-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\...

A:Infected With Adware.win32.insider.d & P2p-worm.win32.kapucen.b

Hello Paularden and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complet...


It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on the other day, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files and got caught in the Login/LogOff loop. I am now able to get logged in after following the advice here: http://windowsxp.mvps.org/peboot.htm (Thanks to BartPE, What a great tool!). Now, when I try to launch most any (I hesitate to say ALL) applications, even the Task Manager, I get the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message.

When I ran DDS it did not automatically open the logs in Notepad, even though I still have the "WARNING - Application cannot be executed. The file is infected. Please activate your antivirus software." message open so that I could get DDS to launch. (I saw this suggestion somewhere as a work around.) Instead I found them in "C:\WINDOWS\Temp" and have provided them here. Also worth mentioning, I noticed that there were two additional files with the same date/time stamp in the "...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


It appears that I may have the Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ (or whatever it's called) virus on my laptop and would greatly appreciate your assistance. When I turned it on, it started giving me the below "Spyware Alert!" message followed by the below "WARNING" message after I logged in. My desktop background had NOT changed, as I've seen other people report. I (stupidly) tried to start removal of the virus without your assistance by deleting some of the suspected files. Now, when I login, it immediately logs off. (This happens regardless if I "Start Windows Normally" or go into "Safe Mode") Obviously, before I can post/attach a DDS or HJT log and begin the process of removing the malware, I will need assistance getting logged in. Thanks in advance for your assistance.

============================================

Spyware Alert!

Security Warning!

Worm.Win32.NetSky detected on your machine.
This virus is distributed via the Internet through e-mail and Active-x
objects.
The worm has its own SMTP engine which means it gathers e-mails
from your local computer and re-distributes itself.
In worst cases this worm can allow attachers to access your
computer, stealing passwords and personal data.
Viruses can damage your confidential data and work on your
computer.
Continue working in unprotected mode is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vi...

A:Possible Internet Security 2010/trojan.win32/worm.win32.netsky/TrojanSPM/LZ

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can get you started. ~ OB


My PC is infected with worm win32 netsky and/or TrojanSPM/LX. It has locked me out of my user accounts and I cannot access Windows via any of the accounts. When I tried clicking on any of my 3 user accounts it logged off and saved my settings, returning me to the User accounts menu. My PC has Trend Micro. Despite scanning many times with it, the message is that my PC is infected with TrojanSPM/LX. I then downloaded Avast antivirus. It then reported I have a worm win32 netsky virus. I scanned the system and no virus was found. When I logged off I could not access Windows again despite pressing F8 and trying normal, best configuration, safe or VGA mode. Both programs have scanned and found nothing. I believe if I can scan XP in DOS mode it may knock out the worm but I do not know how to get hold of a bootable USB or CD with virus signature files. Please advise as I do not wish to rebuild. Thanks heaps.


Hi, My computer has been infected with adware, spyware of all sorts.
I have run Adaware, SpyBot, Online scans, Stinger, AVG Anti-Spyware.
They have found and removed Virtumonde, Win32.Trojan (various), Worm.VB.dz etc
I am posting the latest HijackThis log. Is there anything else I should be doing? I have also found and removed files "frmwrk.exe", "4.exe".
Thanks.
Mehmet

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:37 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinf...

A:Infected With Virtumonde, Win32.trojan, Worm.vb.dz Etc

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.


Hi bleeping computer helpers,

I was infected by the worm.win32.autorun.avz which quickly overwhelmed my AVG scanner which was up to date and operating at the time.

I installed Kaspersky Internet Security 7.0.1.321 and it found over 230 examples of the autorun worm as well as lots of the trojan PSW.Win 32.OnLineGames.lej (and numerous other OnLineGames.---) as listed above. At first the virus was restarted every time I restarted the computer but now I have "clean" results from Kaspersky after multiple full system scans.

I have also done the following as per the instructions in the prep guide:
- Cleaned out temp files
- scanned with Ad-Aware and Spybot
- scanned with Housecall, Panda and Bit Defender
- Run McAfee AVERT stinger
- my Kaspersky firewall is active
- I have the latest Windows Updates downloaded and installed

All of these came back with a "clean" report with the following exceptions which I believe to be false positives based on googling the name of the "problem".

One or more of the scanners objected to the following issues:
LvPrcSrve.exe which I believe is a valid part of the Logitech Quickcam
wltrysvc.exe which I believe is part of the Belkin Wireless strength monitor
Keylogger \Driver\mhk which I believe is part of my BestCrypt program
SbRecovery.ini which I believe is part of Spybot
svchost.exe which I believe is a part of Windows despite Kaspersky telling me 5-6 times in a row that an "executable file has been modified since last s...

A:Worm.win32.autorun.avz And Trojan-psw.win32.onlinegames.lej And Also Ending W/ .lek .isb .loi .leh .hfr

Hello GDW and welcome to the BC HijackThis forum. Let's see what else shows up with a different scanner.

Before running the scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Check the box for Include MD5 on the toolbar.
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select ...


Hello - this is my first time posting (or even having a virus for that matter). My computer and flash drive have been infected with a virus (thanks to one of my colleagues) and I have spent hours trying to get rid of it. I am at the end of my rope! The virus originally showed up as "windowsmsnlive.exe" and I worked like hell to get rid of it, running NAV, Malwarebytes, and eventually SDfix. But somehow the virus kept coming back. I realized it was the autorun feature on my CPU and flash drives, so I disabled that and have not seen windowsmsnlive.exe for a couple of days. However, my paranoid nature will not allow me to believe that I have gotten rid of it and i am afraid to plug my flash drive into my home computer for fear of spreading something. I ran Kaspersky today and got the following report:

File name Threat Threats count
C:\Documents and Settings\Admin\Desktop\Docs and pics\autorun.inf Infected: Worm.Win32.AutoRun.efg 1
C:\Documents and Settings\Admin\Desktop\Docs and pics\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-2501\shellopen.exe Infected: Trojan.Win32.Buzus.bkbe 1
C:\SDFix\backups\backups.zip Infected: Trojan.Win32.Buzus.bkbe 1
C:\SDFix\backups_old\backups.zip Infected: Trojan.Win32.Buzus.bkbe 1
C:\SDFix\backups_old1\backups.zip Infected: Trojan.Win32.Buzus.bkbe 1
E:\RECYCLER\S-1-6-21-1254946310-2159485961-600003330-...

A:Trojan.Win32.Buzus.bkbe AND Worm.Win32.AutoRun.efg

Hello - this is my first time posting (or even having a virus for that matter). My computer and flash drive have been infected with a virus (thanks to one of my colleagues) and I have spent hours trying to get rid of it. I am at the end of my rope! The virus originally showed up as "windowsmsnlive.exe" and I worked like hell to get rid of it, running NAV, Malwarebytes, and eventually SDfix. But somehow the virus kept coming back. I realized it was the autorun feature on my CPU and flash drives, so I disabled that and have not seen windowsmsnlive.exe for a couple of days. However, my paranoid nature will not allow me to believe that I have gotten rid of it and i am afraid to plug my flash drive into my home computer for fear of spreading something.

Here is the DDS report:

DDS (Ver_09-09-29.01) - NTFSx86
Run by Admin at 8:38:16.14 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.509 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Sy...


Hello and thank you in advance, I have attached the DSS reports and the Kaspersky report below. Besides having a slow computer, I have noticed that in my "suspect e-mail folder" in my Earthlink account I have lots of messages reading "delivery error" and there are a lot of messages I never sent. I'm pretty sure this would be the e-mail worm that's in the Kaspersky report. I'm not sure about all the rest. We use the Windows Firewall and AVG Free 8.0. I also have used SpyBot Search and Destroy. I think Kaspersky found more than everything else combined. Can you please help me clean up my computer? Thanks!!!

THE DSS Main.txt report:

Deckard's System Scanner v20071014.68
Run by Meredith on 2008-07-28 07:25:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
84: 2008-07-28 14:26:14 UTC - RP763 - Deckard's System Scanner Restore Point
83: 2008-07-27 16:48:35 UTC - RP762 - System Checkpoint
82: 2008-07-26 16:47:22 UTC - RP761 - System Checkpoint
81: 2008-07-25 16:17:28 UTC - RP760 - System Checkpoint
80: 2008-07-24 15:54:47 UTC - RP759 - System Checkpoint

-- First Restore Point --
1: 2008-04-29 22:03:55 UTC - RP680 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended...

A:Trojan-downloader.win32.vb.ah And Email-worm.win32.sircam.c

Just wondering... how long does it take for someone to respond?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:44:57 p.m., on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\...

A:Infected With Generic7 & Generic11 Trojan Horse

CAN ANYBODY HELP? Please it gets worse every day!!


Athlon AMD pc Windows XP Service pack3

My F-Secure antivirus keeps warning me about malware e.g. koobface but can only deal with it by renaming it. Spybot and Malwarebytes have identified Win32.agent.pz, Win32.BHO.je, and virtumonde.dll (among others). I have tried turning off System Restore and have used Safe Mode but all to no avail as they keep returning.
I have downloaded HijackThis so could post a log if required.
Any help would be much appreciated. Thank you.
 


Hi There,
As you can see by my thread title, I've been infected with a bunch of things. I ran an AVG scan and it ended up showing 19 different threats. Aside from these viruses, trojans called BackDoor.Generic11.HUH, SHeur2.ADCYs and Vundo.GK were also on the list. The 19 items were moved to the vault and the computer restarted.

Upon restarting, there is a wallpaper that is from the virus saying my computer has been infected and that I should clean it.

In the system tray there is a red circle with a white 'X' in it. Every minute or so during the AVG scan it would pop-up and say I had a virus and I should use spyware cleaners to clean it.

Opening My Computer etc is very slow and I cannot update my AVG definitions. Just after completing a HJT scan I received the dreaded blue screen that said 'A thread tried to release a resource it did not own'.

I have included below my HJT log. If you could provide me with any assistance I would greatly appreciate it. I have the latest AVG Free and have no idea how I got so badly infected. I considered a format, but I have not backed up in a while. Is there a way to recover my data?

I am sorry for the lengthy response. I wanted to provide you with as much detail as possible.

Thanks for all your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:10 AM, on 4/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C...

A:Win32/Cryptor, Win32/Heur, Win32/PolyCrypt


When I start my computer, I receive notice that my windows firewall is off. When I click on the icon, it tells me my firewall is on. I have pieces of icons (font.exe) on my desktop, which will not move into my recycle bin. An hourglass remains on my desktop whether I am on the internet or working offline (and the computer is slow; for example, when I type in a password, the letters do not appear on the screen right away). NOD 32 virus scan detects the trojan and quarantines it, but if I run a malwarebytes', super antispyware, or lavasoft scan, the worm and trojan are detected. Scans indicate I must restart my computer to completely remove traces of these malicious objects, which I do. When restarting my computer, a windows boot cleaner appears on a blue screen with a list of deleted internet explorer files. Then the whole process starts again, with NOD detecting an Internet Explorer Trojan agent and downloader. How can I get rid of this trojan and worm once and for all? Any help is much appreciated.

A:Infected with Win32 Trojan Delf & Worm Archive

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I cannot get my computer to connect to network drives or printers. It can't even detect the other computers in my network. I have run McAfee, Malwarebytes, Adaware, and others. I have gone in and removed the xblgen.exe file and ran C-cleaner and I still can't connect to shared drives or printers in my network. Also, Kaspersky is still finding several Trojans when none of these other programs do. Here are the log files I have generated from Kaspersky, HiJackThis:

Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 24, 2009 16:35:03
Records in database: 1962148
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 90930
Threat name: 5
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 02:19:56

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\adsaddssgl.exe.vir Infected: Trojan.Win32.Agent2.ezc 1
C:\Qoobox\Quarantine\C\adsajfdsgl.exe.vir Infected: Trojan.Win32.Agent2.ezc 1
C:\Qoobox\Quarantine\C\adsasgl.exe.vir Infected: Trojan.Win32.Agent2.ezc ...

A:Net-Worm.Win32.Kolab.blm 1 & Trojan.Win32.Agent2.ezc 1

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


I'm going nutz with these two and I don't know how to get rid of them. Windows XP running. Tried to understand other threads but not sure if it would apply to what I have here. A great deal of help needed!
 

A:virus IM-Worm.win32 and also Trojan-downloader.win32


I have an F-Secure internet security software suite on this computer, and it is up-to-date and functioning. I also have MalwareBytes (free) installed and have been running it regularly, and I use the ESET Online Scanner as well. The OS is Windows XP, and it is up-to-date.

About three weeks ago I cleaned around three trojans from this computer using MBAM and the online scanner. A few days ago, Adware.Win32.WebHancer.x was found by F-Secure, and is currently quarantined. Today, several instances of the two Trojan-Spy programs were found and quarantined by F-Secure; they infect system files and system restore files. I already looked up information on cleaning the system restore files by stopping and restarting system restore (and scanning in between). I deleted the quarantined files.

All of the Spy-Trojans found are infecting in C:\hp\recovery\wizard\fscommand\. The file names are:
AppRecoveryLink_ret.exe
CDLogic_ret.exe
CreatorLink_ret.exe
RestoreLink_ret.exe
RTCDLink_ret.exe
RunLink_ret.exe
SysRecoveryLink_ret.exe
WizardLink_ret.exe

The Adware infected a .dll file, and I was advised not to delete it.

CDLogic_ret.exe is Agent.bdzz; the rest are Agent.beaf

I have run my antivirus, MBAM, and the online scanner again and they picked up nothing. Also, the Adware and Trojan-Spys were all found during MBAM scans, but F-Secure picked them up.

I have attached a HiJackThis log and a DDS log; GMER froze my computer partway through the scan when I used it. I have ran a...

A:Infected with Trojan-Spy.Win32.Agent.bdzz, Trojan-Spy.Win32.Agent.beaf, and Adware.Win32.WebHancer.x

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...
