
Trojan Horse Generic9.BHMO

Q: Trojan Horse Generic9.BHMO

Hi there guys, just wondering if anyone knows what the hell kind of trojan this is and how the hell do I go about removing all 8000 of them?

Read other answers

I can't seem to get rid of this nasty thing. I have run AVG and it comes up with like 13409 + .exe files so far. It is located in my Windows\Fonts folder. It seems like I can keep running the antivirus and it keeps finding more. Is there any way of "destroying" this thing?
Here is my HijackThis log; hope this helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:23 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\PROGRA~1\INCRED~... Read more

Read other answers

Hi Techsupportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue screen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the Windows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system... Read more

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?

Read other 9 answers

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers

Hello. AVG picked it up and I'm having a difficult time figuring out how to get rid of it. I'm not sure what it's doing or what it does, but whenever I run a virus scan, it always gets picked up somewhere on my hard drives. AVG can successfully heal or move it to the virus vault, but whenever I run the scan again, it's back in some other place. Does anyone know how to get rid of it? Maybe someone can point me in the right direction?

Thanks!

--------------------------------------
Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:28 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.... Read more

Read other answers

Hello

My explorer use (both win explorer and internet explorer) is terrorised by an AVG pop up warning about a Trojan.
What do I have to fix in my software and how ?

Thanks in advance and kind regards. JPMaurice

A:Trojan Horse Generic9.xld

Did your scan provide a specific file name associated with this malware threat and if so, where is it located (full file path) on your system?

"Generic Trojan" is a heuristic detection and a name provided to possible new variants of malware. AVG uses heuristic detection which incorporates the ability of an anti-virus program to detect new viruses before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. The technique involves inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware. Reducing the detection sensitivity will minimize the risk but then that increases the possibility for new malware to infect your system.

See How AVG Heuristic Analysis Works. Get a second opinion, by submitting the file to jotti's virusscan or virustotal.com. In the "... Read more

Read other 5 answers

Hello, I have a recurring trojan showing up with AVG: trojan horse downloader generic9.aebx. I have tried to delete it several times to no avail. My computer has been freezing after 10mins or so after boot up, and running really slow. Is it possible that this might be the cause?

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:09 PM, on 1/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\system32\CTHELPER.EXE
D:\WINDOWS\system32\CTXFIHLP.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Ideazon\ZEngine\Zboard.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Zune\ZuneLauncher.exe
D:\program files\steam ... Read more

A:trojan horse downloader generic9

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers

The alert of this trojan horse infection keeps appearing whenever I try to access my drives through "My Computer". Even though I click on move to vault, this problem persists repeatedly.

I have run AVG, scanned and removed to vault but the problem persists.

I tried to access and delete the filename: C:\WINDOWS\system32\winxp.exe but the file reappears each time I click on C drive in "My Computer" too!

This process name is stated each time the threat is detected
Process name: C\WINDOWS\system32\wscript.exe

I would really appreciate if anyone out there can help me on this. Thanks a million.


========================================================




DDS (Ver_09-10-13.01) - NTFSx86
Run by Charles Kho at 1:19:25.96 on Wed 10/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2568 [GMT 8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGR... Read more

A:HELP! Trojan horse BackDoor.Generic9.MQL

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

You have an autorun worm onboard. These are typically transmitted via USB flash drive, or other USB devices. Please ensure any USB key recently used is inserted in the machi... Read more

Read other 19 answers

Ok, to start it off I think I have had this since Monday, 1/28/08.
It started out as a Trojan.Vundo, I ran multiple anti-spyware/cleaners. Then I found a program called "VundoFix"; it seemed to have worked, but caused 3 .dll run errors on startup. Yesterday AVG found the trojan horse generic9.aibf, it healed it, but found it again this morning.
I don't know what to do anymore.

A:Trojan Horse Generic9.aibf

RunDLL32.exe is a legit Windows file that loads .dll files which too can be legit or malware related. The "Cannot find...", "Could not run..." or "Error loading..." message usually occurs when the .dll file(s) that was set to run at startup has been deleted and it becomes an orphaned registry entry. Windows is trying to load this file(s) but cannot locate it since the file was removed during an anti-virus or anti-malware scan, or the uninstall of a program. However, the associated registry entry remains and is telling Windows to load the file when you boot up.

When Windows loads, it looks for any files associated with registry entries for programs that are set to run at startup. If the file was removed but not the registry entry, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error... Read more

Read other 3 answers
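
The orphaned-entry condition described in the answer above can be checked mechanically. The following is an added example, not part of the original answer and not how Autoruns itself works: it extracts the file each startup command actually loads (for rundll32 commands, the DLL rather than rundll32.exe) and reports entries whose target is missing. The entry names, the `removed_example.dll` path and the file list are constructed sample data.

```python
import ntpath
import re

# A leading rundll32 launcher, with or without path, quotes or ".exe".
_RUNDLL = re.compile(r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.*)$', re.I)
# First file path in a command: quoted, or unquoted up to a known extension.
_PATH = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd|scr|pif|cpl)))(?=[\s,]|$)',
    re.I)


def startup_target(command):
    """Return the file a startup command loads, or None if none is found."""
    m = _RUNDLL.match(command)
    if m:
        # rundll32 <dll>,<export>: the DLL is what must exist on disk.
        command = m.group(1)
    m = _PATH.match(command)
    if not m:
        return None
    return m.group(1) or m.group(2)


def find_orphans(entries, existing_files):
    """Split entries into orphans (absolute target missing) and unresolved.

    Targets given without a full path are resolved by Windows through its
    search path, so they are reported as unresolved instead of being guessed.
    Comparison is case-insensitive, as on NTFS. Short (8.3) and long forms of
    the same path are not reconciled here.
    """
    present = {p.lower() for p in existing_files}
    orphans, unresolved = [], []
    for name, command in entries.items():
        target = startup_target(command)
        if target is None or not ntpath.isabs(target):
            unresolved.append(name)
        elif target.lower() not in present:
            orphans.append((name, target))
    return orphans, unresolved


# Constructed sample data: startup (Run-key) values and files present on disk.
RUN_ENTRIES = {
    "AVG7_CC": r'C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP',
    "NvCplDaemon": r'RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    "leftover": r'rundll32.exe "C:\WINDOWS\system32\removed_example.dll",Start',
    "ctrlpanel": r'rundll32.exe shell32.dll,Control_RunDLL',
}
FILES_ON_DISK = [
    r'C:\PROGRA~1\Grisoft\AVG7\avgcc.exe',
    r'C:\WINDOWS\system32\NvCpl.dll',
]

if __name__ == "__main__":
    orphans, unresolved = find_orphans(RUN_ENTRIES, FILES_ON_DISK)
    for name, target in orphans:
        print(f"orphaned startup entry {name!r}: {target} is missing")
    for name in unresolved:
        print(f"entry {name!r}: target has no full path, check manually")
```
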

Hello. I have followed the instructions, and am ready to post. I will now describe my problem.

AVG has detected something called "Trojan Horse Generic9.AVRP". The letters after the dot often vary. The location is in system32, and it is always .dll. It seems that AVG detects a fresh batch every time I start up.

Thank you very much in advance for any help you may give me, as I am quite annoyed with this virus. That being said, I am very patient and willing to work through this.

I am posting the following:
1. Hijackthis Log
2. Panda Online Virus Scan Report
3. Main.txt from Deckard's

I seem to have lost the extra.txt file, and after re-running deckard's it was not created a second time.

Thanks again for any help

Sincerely,
James

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:38 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.... Read more

A:Trojan Horse Generic9--detected by AVG

Hello -

I'd prefer to see the first main.txt, along with the extra.txt

They should both be located at C:\Deckard\System Scanner\< a numbered folder >\

Please locate them and post.

Read other 3 answers

I have been stuck with Trojan Horse Generic9.AQNO since 6:59 AM Friday Morning. I did not feel like allowing it to ruin my weekend so I did not bother with it until this morning. I am stuck. C:WINDOWS\System32\xstwbtzd.dll can not be deleted. Thanks in advance for any help.

A:Trojan Horse Generic9.aqno

Hello and welcome. What application found this and is this an XP system?

Let's do this first.

Download SUPERAntiSpyware, Free Home Version. Save to desktop. DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)

Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPER... Read more

Read other 3 answers

My AVG AntiVirus, when I log on to Windows, insists on popping up some windows with unknown DLLs (in C:\Windows\System32\... ) that are described as Trojan Horse Generic9.AQNO and "Virus Found Lop" ...

In a case, my winlogon.exe terminated and my PC was forced to restart. Then again the popping windows.

I scanned my computer with
Spybot Search & Destroy
AVG Antivirus 7.5 (Personal Edition)
Counter Spy

Now I am attaching my HiJackThis log...

Should I be disturbed.....???? Thanx for help [attachment=3673:hijackthis_log.txt]

A:Trojan Horse Generic9.aqno

Anyone!?

Read other 2 answers

Hello,

I just bought a second-hand computer and the only problem seems to be that a pop-up comes up every few minutes. It says the computer found a threat like these:

C:\WINDOWS\SYSTEMS32\svchost.exe

C:\WINDOWS\Temp\xhohpp\setup.exe

Trojan Horse PSW Generic9 ASRC

I have Avg Free 8.5 anti-virus (that needs to be updated) and Spybot Search & Destroy 1.2 installed but I can't seem to use the spybot and I can't get rid of it either. I tried to delete those but Avg couldn't delete them. I don't have a credit card or have access to anti-virus besides that free Avg. How do I delete those? I'm on the safe mode right now cause I don't know what else to do. I would really appreciate it if someone can help me.

Thanks

A:Need help with trojan horse PSW Generic9 ASRC

Hello and welcome to TSF.

We require a comprehensive set of logs to determine the presence of malware or to answer such questions. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 12 answers

AVG Free Anti-Virus found this in the filename SVCLauncher.exe on 11/17/2007 and again today (11-18-2007) in filename A0054356.exe.
I'm currently running a Kaspersky on line scan.

The computer is a Dell Insprion 9400 with WinXp sp2.

Thanks in advance for any and all help.

A:Trojan Horse Generic9.vpa Infection

Where did AVG find A0054356.exe?

It looks like a file normally found in the System Volume Information Folder (SVI) which is a part of System Restore - the feature that allows you to set points in time to roll back your computer to a clean working state. Keep in mind that System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points. When you scan your system with anti-virus or anti-malware tools, you may receive an alert or notification that a virus was found in the System Volume Information folder (System Restore points) but the anti-virus software was unable to remove it. Since the System Volume Information folder is a protected directory, your tools cannot access it to delete these files and they sometimes can reinfect your system if you accidentally use an old restore point.

If that is where AVG found the file, to resolve this, you need to Set a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.

Read other 10 answers
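
The distinction the answer above draws, a detection inside a System Restore point versus one on a live file, can be made from the reported path alone. The following is an added example, not part of the original answer: it sorts antivirus detection paths into restore-point copies (with the restore point number), bare file names that only look like restore copies, and live files that need follow-up. The function names are hypothetical; the sample paths are ones quoted in posts on this page.

```python
import ntpath
import re

# <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
_RESTORE = re.compile(
    r'^[a-z]:\\System Volume Information\\_restore\{[0-9a-f-]{36}\}\\RP(\d+)\\',
    re.I)
# System Restore stores its copies under names such as A0054356.exe.
_RESTORE_NAME = re.compile(r'^A\d{7}\.\w+$', re.I)


def classify(path):
    """Return (kind, restore_point_number_or_None) for one detection path."""
    m = _RESTORE.match(path)
    if m:
        return ("restore_point", int(m.group(1)))
    if _RESTORE_NAME.match(ntpath.basename(path)):
        # Only the name matches; the folder still has to be confirmed.
        return ("restore_copy_name", None)
    return ("live", None)


def triage(detections):
    """Group detection paths by what the next step for each one is."""
    result = {"restore_points": set(), "confirm_location": [], "live": []}
    for path in detections:
        kind, number = classify(path)
        if kind == "restore_point":
            result["restore_points"].add(number)
        elif kind == "restore_copy_name":
            result["confirm_location"].append(path)
        else:
            result["live"].append(path)
    result["restore_points"] = sorted(result["restore_points"])
    return result


# Detection paths and names as quoted in posts on this page.
SAMPLE_DETECTIONS = [
    r'c:\System Volume Information\_restore{AED28984-2886-4F12-A886-B7CDBE4CC936}\RP227\A0036475.exe',
    r'A0054356.exe',
    r'C:\WINDOWS\Temp\xhohpp\setup.exe',
    r'C:\WINDOWS\system32\winxp.exe',
]

if __name__ == "__main__":
    report = triage(SAMPLE_DETECTIONS)
    print("restore points holding flagged copies:", report["restore_points"])
    print("ask for the full path of:", report["confirm_location"])
    print("live files to investigate:", report["live"])
```
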

AVG opening every few min with a new threat! Please help! I've enclosed the Hijack file and attached "attach.txt" and dds.txt.
Please note there was a process highlighted in red - PING - I killed that process to try to stop the threats every few min. I hope that's ok. Didn't think there should be a Ping process going on.

thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:49:19 PM, on 2/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C... Read more

A:AVG says I've caught the Generic9 Trojan Horse

Read other 16 answers

I made a thread a while ago and I stopped cause I thought I was getting a CD that would store it but it looks like it's not happening. I wouldn't mind if the same moderator who helped on this (thanks Amateur, I noticed that some pop ups are gone) but if he's too busy I would like help from anyone.

Here's the thread

Need help with trojan horse PSW Generic9 ASRC

I was on safe mode and downloaded the combofix but I had to disarm the avg but I couldn't do it on safe mode so I removed it before I did the combofix scan. When I went online next, I downloaded the free avg anti-virus 2012. I haven't used it for scanning yet. Here's the results from combofix scan.

ComboFix 11-12-13.03 - Amy 13/12/2011 18:27:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.303 [GMT -5:00]
Running from: c:\documents and settings\Amy\My Documents\Downloads\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma In... Read more

A:Re: Needs help with trojan horse PSW generic9 ASRC

Do I download the combofix and windows console thing again?

SystemLook 30.07.11 by jpshortstuff
Log created at 16:55 on 16/12/2011 by Amy
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sy*"
C:\I386\NETBT.SYS --a--c- 157056 bytes [00:32 05/11/2003] [11:00 29/08/2002] D96F3BC5A6E7452B0E3275B560DC8528
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [06:26 06/10/2008] [06:14 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\$NtUninstallKB824105$\netbt.sys -----c- 157056 bytes [00:52 06/02/2004] [11:00 29/08/2002] D96F3BC5A6E7452B0E3275B560DC8528
C:\WINDOWS\ServicePackFiles\i386\netbt.sys -----c- 162816 bytes [06:14 04/08/2004] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys --a---- 162816 bytes [11:00 29/08/2002] [19:21 13/04/2008] 4D2AE08FD92F61A4A53A4DC1E29EF7EA

-= EOF =-

Read other 15 answers

Thanks for help and my problem with Trojan Horse Generic9.AKUT and every time I start my pc my AVG detected this Trojan and ask me Heal it.. I did and it keep coming back next restart pc. The file look like 4219413.exe and under c/windows/temp/. Appreciated the help and I'm newbie with all this stuff pls help. I followed the steps I been told!

Scanned with Adware and spybot.
Housecall Anti Virus - scanned too, took me 4 hours
McAfee Avert Stinger v2.6.0 [1,144,839 bytes] (4/5/2006) scanned too
I got Window Firewall ON

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:37 AM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\... Read more

A:Inffected With Trojan Horse Generic9.akut

Anyone can help my problem pls ?

Read other 2 answers

Hi,

Can anyone please help me. I've got a lot of important information on my computer and I haven't backed it up because I'm useless with PCs and didn't know at the time I needed to, now I think it's too late. I have AVG free edition anti virus because my McAfee ran out. It seems to be picking up both Trojan horse Generic9.AKBO & a virus JS/psyme but when it says heal then restart the PC they come straight back?! I've also tried running Ad-aware but no luck, these programs all seem to slow the computer down dramatically, is there a reason for this or should I just delete them? I don't know how to list a HijackThis log either.

Thanks Danny
 

A:Trojan horse Generic9.AKBO & JS/psyme

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 1 answers

Hi!

I am new to this forum, so please correct me if I somehow "misbehave". I usually don't surf with the IE, but recently I had to because my Opera wouldn't play some nba.com video footage.

Afterwards my IE displayed two warnings about downloading either PerformanceOptimizer or NeuerSchild (German, NewShield in English) to fix a virus that infected my PC. I didn't download anything, but soon my AVG 7.5 kept popping up reporting a virus called Generic9.AQNO or Virus Lop which are supposed to be trojan horses. I selected "Move to Vault" every time. But now IE windows keep popping up out of thin air telling me to join a browser-game called "Gladiatus", or to download NeuerSchild.

As of now, there are hardly any deficits in performance, though I am still worried about the security of my PC. It is possibly of interest that I run Windows Vista Home Premium.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:01, on 19.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG Antivirus\avgcc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Razer... Read more

A:Trojan Horse Generic9.aqno/virus Lop

Hi, let us first take care of your internal HD.

Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Regards,
Rosty.

Read other 6 answers
RELEVANCY SCORE 81.6

Dear friends,
Whenever I start my computer my AVG anti-virus free edition detects Trojan Horse Generic9.AEUA in C:\WINDOWS\sarc.exe and claims to heal them. But whenever I restart my computer at a later time AVG again detects the same trojan horse in the same system file. This trojan horse however hasn't affected the performance of my computer. Pleaze help me get rid of this!!!!!!!!!

A:Pleaze help me get rid of Trojan Horse Generic9.AEUA

Please go HERE and carry out the instructions that are posted.

If you cannot complete any of the Steps, simply move on to the next one - remember to let the Analyst know about this when you post your logs.

Do not post your logs back in this thread - follow the guidance in the above link!

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply.

Read other 1 answers
RELEVANCY SCORE 81.6

I had left my computer alone this morning.  Firefox was open to a blank tab but minimized.  When I came back, AVG Free 2014 was reporting a malware infection, claiming that TFC.exe was infected with a Trojan horse Dropper.Generic9.SLV.  I told it to fix the problem which sent the file to the virus vault.
Then I left the house for a while and when I came back, another notice had popped up, saying svchost.exe was infected with the same thing.  Here are the details on that second notice.
 
Trojan horse Dropper.Generic9.SLV
c:\System Volume Information\_restore{AED28984-2886-4F12-A886-B7CDBE4CC936}\RP227\A0036475.exe
Process name: C:\WINDOWS\system32\svchost.exe
 
I told it to isolate the problem, and it is once again in the virus vault.  Basically, I think I have a Trojan Horse Dropper, and I need help in getting rid of it/fixing it.  DDS log to follow, with Attach.txt added as an attachment, as per the Preparation Guide instructions.  Thanks in advance for any help you guys can provide.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Owner at 15:27:21 on 2014-01-30
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2043.1236 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sy... Read more

A:Trojan horse Dropper.Generic9.SLV Infection

Hello starblazers

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more

Read other 25 answers
RELEVANCY SCORE 81.6

Hello, I hope someone out there can help.
 
My mom downloaded a game from Pogo.com today called The Clumsys 2 Butterfly and AVG Antivirus Software picked up the following infection: PSW.Generic9.BSIU.
 
It said it was located in the following location: c:\Games\Pogo\The Clumsys 2 Butterly Effect\theclumsys2.ifn
 
The first thing I did was select "Protect Me" on the AVG software, and it said that it had successfully gotten rid of the infection. I then uninstalled the game and ran a scan with the following programs:
 
--MalwareBytes
--Kaspersky TDSS Killer
--AVG Antivirus
--Super AntiSpyware
 
My Mom's System Is:
 
HP Pavillion P6-2350
Windows 8 64-Bit
 
All of the above programs said that the system was clean.  There isn't much info online about this particular threat...but is there any other program that I can use to make sure that this threat is no longer active?  Any and all suggestions are welcome.  Thanks in advance!
 
ON A SIDE NOTE:  My mom tends to get lots of viruses on her computer and she mostly plays games that are from Pogo.com.  Does anyone know whether or not Pogo makes its users susceptible to malware and viruses?

A:How do I Remove Trojan Horse: PSW.Generic9.BSIU?

Hello Ali_bear,

My name is Cody and I'll be helping you clean up your computer. I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. ... Read more

Read other 6 answers
RELEVANCY SCORE 81.6

hello greetings.

I have downloaded and installed this trojan or whatever it is, was supposed to do what it did lol, was supposed to install new themes for my windows xp. My antivirus didn't react so I installed, after reboot a weird sound comes out my computer, something mess with the keyboard after install and keep typing going through dos to the welcome windows to introduce password but this thing is keep typing giving me no chance to delete, the trojan installer is Crack.Windows.7.Theme.for.WindowsXP.45059.exe, description: Trojan horse Downloader.Generic9.AILO is in my documents folder, and shows also another address after click as process name, c:\WINDOWS\explorer.exe.
I'm using my second hd which has op for this cases and I'm doing what I can to fix this, I found the virus,
I found the virus I can delete but the harm to my boot system is what I need to fix, please any help appreciated, I'm working on this and keep an eye here for some help, I think I should find to repair the boot system but it seems is working this is more like a boot bug (start typing a letter for ever from the turn computer on)
my system is p4 2.4 windows xp sp3

thanks in advance.. Nik

Read other answers
RELEVANCY SCORE 80.4

AVG detected Trojan horse Downloader.Generic9.CAXD. AVG will remove them and say the computer needs to be restarted but they come back every time I restart

- I deleted all the files from my temp folder.
- I cleared the System Volume Information (SVI) by "Turning off System Restore".
- Then I changed the security setting in SVI folder and I was able to remove it temporarily but when I reboot the system the virus reappears.
- The virus that AVG detects resides in this folder but obviously there is a problem somewhere else too, maybe the master boot record :

"C:\System Volume Information\Microsoft\smss.exe"
"C:\System Volume Information\Microsoft\services.exe"

How do I remove Trojan horse Downloader.Generic9.CAXD?

Help appreciated. Thanks.

A:How do I remove Trojan horse Downloader.Generic9.CAXD

Welcome to TSF :)

You have a pretty serious infection, I will need to know what version of Windows you have. Also, I will need the same Windows installation disc. Let me know.

Thanks

Read other 2 answers
RELEVANCY SCORE 80.4

Hi there, I am new to this forum! I used AVG and detected just 1 infection: While opening file: E\\WINDOWS\System32\msimg3.dll Trojan.horse.Generic9.AATH. After healing and restarting my pc, it replicates itself whenever I open IE browser.

Here is my HiJackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:41 PM, on 12/25/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS... Read more

A:Can't Remove Replicating Trojan.horse.generic9.aath

Hi Pearce15!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.

Read other 24 answers
RELEVANCY SCORE 80.4

This computer has constant popups from AVG AntiVirus. They say: Threat Detected! While opening file: C:\WINDOWS\system32\commdl.dll - Trojan horse Generic9.AHKQ. There are options to ignore, info, heal, and move to vault. When I try to heal it says that to finish the process the computer needs to reboot. However, after I reboot the popups keep coming.

I downloaded the dss scanner, but just as it is about to finish, windows has an error and asks me whether to send the error to Microsoft or not. So, I do not have a log to post. The computer is running Windows XP SP2, and I did run the Panda Active scan. If you would like that log, let me know. Thanks for your help,

Brandon

Read other answers
RELEVANCY SCORE 79.6

Hi, my PC has been acting very strange for a few days and I found with AVG and Ad-Aware about 20 various infected files and malware. Unfortunately, I didn't note all of these but the last I noted were:

Trojan horse BHO.DFZ (file name : cmp638)
Trojan horse generic9.BESJ (file name : ptch)
Virus found lop (mlljj.dll)
...

I cleaned and removed all those I found but my PC doesn't seem like before, it's slower, many pop-ups come with internet explorer, maybe keylogging malware is on because some of the characters I write disappear. Maybe the worst is behind me but I'm pretty sure there's again a lot to clean.

Thanks!

Note : I did all the 5 steps suggested on the site.

Panda log file :

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ddcbaxu.dll
Potentially unwanted tool:Application/NirCmd.A ... Read more

A:somes malwares(many pop-ups) and virus (ex:trojan horse BHO.DFZ, generic9.BESJ)

1. Download & save this file to DESKTOP - http://download.bleepingcomputer.com...+/ComboFix.exe

2. Double click to run it

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 9 answers
RELEVANCY SCORE 72.4

Hi, I have just rebooted my computer and AVG is picking up the trojan mentioned in the title, when it is removed there is a second one that comes from the recyclers folder, it is called dropper.Generic.bygt.dropper. The bsre one has just returned from the system volume information folder so I'm kind of worried they are not being cleared properly by AVG. Thanks for any help you can give with this.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:35:44.85 on Tue 06/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.83 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Progra... Read more

A:Recently rebooted computer finds Trojan horse downloader downloader.generic9.bsre

BUMP please

Read other 10 answers
RELEVANCY SCORE 66

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't. (That is until you scanned with their program and it would take control of your computer at the worst of times.) The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried. Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou... Read more

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

Read other 13 answers
RELEVANCY SCORE 65.6

Hello, I've got this trojan on my computer. On the taskbar I have the red circle icon with the white x and the yellow bubble with warning messages, also I've got pop-up error messages. I have run an AVG Anti-Virus scan and it found the file win.exe which is Trojan Horse Generic9.BLHZ. AVG deleted the file but it's still here. Please Help.

HijackThis log below: -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:11, on 23/03/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Prog... Read more

A:Infected With Troian Horse Generic9.blhz

Now it makes sense why we are just spinning our wheels.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here

Apply the update, reboot, and post a fresh HijackThis log.

Read other 17 answers
RELEVANCY SCORE 62.8

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 59.2

Hello

In replacement of "FORUM Am I infected? What do I do? - Trojan Horse Generic9.xld - AVG resident shield message"

EVENT.
Using WinXp pro - more specific when I handle windows explorer and/or internet explorer I get always messages from AVG resident shield -
1.- TrojanHorse Generic 9.xld
and since complete reinstall of AVG a new message (which seems to have replaced this mentioned under 1.)
2.- TrojanHorse BHO.CVX

Seems both are connected to = C:\windows\system32\cscuit.dll
It's impossible to upload-copy-move-replace-or delete this DLL file.
The genuine file = C:\windows\system32\cscui.dll is still existing.

Multiple times I used in normal and if possible in safe mode following programs =
- Lavasoft Ad-Aware 2007 free edition
- Super AntiSpyware free edition
- CCleaner
- ATF-cleaner
- Spybot Search & Destroy
- Revo Uninstaller
- ZoneAlarm free edition firewall
- Avg 7.5 free edition virusscanner

While using Ad-Aware2007 total scan today I got a new AVG resident shield warning : (quote) While opening file C:\SystemVolumeInformation\_restore{475315DE9-7B76-4761-8190-8D72AAA58ACF}\RP96\A0032745.dLL
Trojan Horse Generic9.XLD

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:31, on 22-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\s... Read more

A:Trojan Bho.cvx + Generic9.xld

Hello jpmaurice and welcome to the BC HijackThis forum. Let's see what else we can find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
In the Driver Services section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - Software Policy Settings
File - Additional Folder Scans
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.
OT

Read other 18 answers
RELEVANCY SCORE 58.8

HI,
I'm running AVG and SuperAntiSpyware. Found the above trojans during the last scan. Followed your basic instructions to obtain the Panda ActiveScan log, as well as Deckards System Scanner logs. Below are both logs. I am attaching the 'extra.txt' from Deckards.


Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Default User\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Default User\Desktop\SmitfraudFix\restart.exe
Adware:Adware/Comet Not disinfected C:\Documen... Read more

A:AVG Found: Trojan generic9.bfhf and Trojan VB.CEC

Bump, bump

Read other 1 answers
RELEVANCY SCORE 58.4

Any advice? My computer has been running weird lately and I'm not the most technologically savvy guy. But after I registered and used combofix for a certain problem I am impressed with this site so I thought I would ask for help.

Basically I installed AVG the free edition and ran it. Then over a period of time I receive pop-ups from AVG claiming this Generic9.AATD trojan and asks to either heal it or send it to the virus vault. I have done both and then restarted my computer each time but the same Generic9.AATD trojan pops up with AVG each time I am on my computer.

It especially pops up every time I open a new window in internet explorer

A:Avg Says I Have Generic9.aatd Trojan

Hello and welcome

Did the AVG give you a path to the infection (eg. C:\ Windows ....)? Post that info please, also what is your Operating System? Have you tried performing an AVG scan from Safe Mode? How to start Windows in Safe Mode

If no joy there then do this...

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware, Free Home User version.
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from HERE and unzip into the program's folder.)
Under the "Configuration and Preferences", click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your compu... Read more

Read other 2 answers
RELEVANCY SCORE 58

Hello, I'm a fairly experienced pc user, but I can't seem to destroy this trojan: Downloader.Generic9.CDFL
I would highly appreciate any help!

AVG comes back with this report:

"Bestand";"Infectie";"Resultaat"
"C:\System Volume Information\Microsoft\smss.exe (1604)";"Trojaans paard Downloader.Generic9.CDFL";""
"C:\System Volume Information\Microsoft\smss.exe";"Trojaans paard Downloader.Generic9.CDFL";"Object is niet toegankelijk."
"C:\System Volume Information\Microsoft\services.exe (932)";"Trojaans paard Downloader.Generic9.CDFL";""
"C:\System Volume Information\Microsoft\services.exe";"Trojaans paard Downloader.Generic9.CDFL";"Object is niet toegankelijk."

"Object is niet toegankelijk." is Dutch for "Object is not accessible" so they are not quarantined or destroyed.
System restore didn't help.

Here's my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:14, on 21/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\System Volume Information\Microsof... Read more

A:Trojan Downloader.Generic9.CDFL

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appe... Read more

Read other 32 answers
RELEVANCY SCORE 58

I am running Windows Vista on a Dell Inspiron 1501 laptop. AVG picked up a Trojan virus called "generic 9". I'm not sure if it cleaned it or just put it in the "vault". Could it be causing the problems I am having? The problems are: when I open IE, 2 windows automatically open. 1 is supposedly a Dell/Google news page that defaults a map to California (I live in Virginia). It also automatically opens a second tab that is supposedly a Dell support page. Neither page looks exactly like true Dell or Google pages. Also, a friend at work told me to run a "combo fix" program. I found it and installed it and tried to run it. It said I had to disable AVG, so I thought I did. When I shut down and restarted, my desktop picture was gone and cannot be changed - it's just black.
PLEASE HELP!

My computer has slowed down a bit too. Without any programs running, my task manager says around 70 processes...I don't know if that means anything.

Help is very appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:53 PM, on 6/30/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe... Read more

Read other answers
RELEVANCY SCORE 57.2

Hi.
I got hit by the NSAnti virus and a Generic9.BAYO (as reported by AVG) and Adware.BHO, IEHlpr, a Dialer, and two more trojans (from Ad-Aware)
I've been trying to remove the malware but it looks like it's already made copies of itself as it seems AVG and Ad-Aware cannot seem to remove it once and for all. (I've been having alerts regarding the same malware for a few days now)
AVG reports that a file called mrtj.dll is infected with NSANti, and a file called fool0.dll in my system32 folder is infected with the BAYO trojan.
attached are my latest Ad-Aware and HJT logs. thanks in advance.
 

Read other answers
RELEVANCY SCORE 57.2

While closing out Firefox 26.0 after a visit to FB, I recently experienced a threat warning from AVG 2014 (free) alerting me that it has detected a virus, 'Trojan horse Dropper.Generic9.SLV', associated with "TFC.exe". I allowed AVG to seize and quarantine the infection and proceeded to run additional scans with Kaspersky TDSS killer, Eset online scanner, Malwarebytes, SAS, Mbar AntiRoot, AdwCleaner and JRT. All these subsequent scans reported back _clean_. A few hours later, another AVG alert reported two additional threats of 'Trojan horse Dropper.Generic9.SLV' which compromised two restore points: 'c;\System Volume Information\_restore{ F1B82C3E-2851-4FDE-9535-3479AAE956FF}\RP1132\A0139508.exe and (the same sequence but) ending in " "\A0139573.exe.
 
The almost exact occrance I experienced is currently being addressed on another topic- here: http://www.bleepingcomputer.com/forums/t/522653/trojan-horse-droppergeneric9slv-infection/ . However, unlike the other member, I have not experienced any browser hijacks, redirections or P2P compromises - That is, at least to the best of my limited knowlege.
 
Rather than follow along with the practices prefomed specifically to the aforementioned thread/topic I was hoping I could get some support to help assure  that I am not infected by some remaining stealth threat that has been left undetected.
 
As always Thanks in advance for your  help, patience and knowlege.

A:trojan Dropper.Generic9.slv claims another victim

Hello, it is possible that AVG is seeing the infection in the Restore point and is unable to clean it. Antivirus tools cannot access that area. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

For XP, Vista and WIN7
The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
Click the "More Options" tab, then click the "Clean up" button under System Restore.
Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
Click Yes, then click Ok.
Click Yes again when prompted with "Are you sure you want to perform these actions?"
Disk Cleanup wi... Read more

RELEVANCY SCORE 56.4

Please help!!

My computer is infected with Trojan Horses. There are 3 of them: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are always in the Temporary Internet Files directory and the windows\system32 directory.

I have AVG, Spybot, Ad-aware, ewido antispyware and Windows Defender installed on my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use them.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS

RELEVANCY SCORE 56

Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

RELEVANCY SCORE 56

Version of Windows: Microsoft Windows XP Media Center Edition 2002 Service Pack 3
Errors on Start-up: 1. LSASS.EXE memory allocation error cannot load command system halted.
Errors on Shutdown I have to "End Now": explorer.exe, Connections Tray, Net Broadcast Event Window.2.0.0.378734, & MCI command handling window
-My PC locks up when running the GMER scan & have to shutdown by powering PC off
-I have had AntiVirus Soft multiple times even after removing w/ spybot search & destroy, ad-aware, Zone Alarm(Uninstalled), Norton(Current AV). It seems to reactivate the virus when I visit myspace.com apps. A java box comes on & all the sudden AntiVirusSoft is back in the start up & active. I reboot into safe mode, take it out of start up, reboot normally & do a spybot scan which seems to remove.. But it keeps coming back like a cheesy horror movie character.
-Have found "Trojan Horse svchosts" in start up programs. I turned off & deleted. Scans didn't pick up virus??
-When I reboot my pc my internet is being blocked for around 15-20 mins. The fw is off until the net gets unblocked by ??.
-Games such as Resident Evil 5, Fallout 3, BF2 etc have been locking up & crashing since I got that lsass.exe error on start up. They are unplayable now.
-Got that lsass.exe error a week ago after turning off start-up programs in MSConfig. Turned them all back on but error still stays. The MSConfig starts up automatically after a blue ... Read more

A:Antivirus Soft/Trojanhorse Svchosts/Combofix.exe(Trojan Horse)/a0442396.exe(Trojan Horse)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 56

Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *E... Read more

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please

RELEVANCY SCORE 55.6

I think my computer is infected. I ran AVG 8.0 free scan and it found the two trojans mentioned in the title. I deleted them. My computer is slow and acting strangely so I installed HijackThis and ran it. Can you take a look and see if it is and what can I do next? I want to thank you for your time and efforts and tell you I appreciate it ahead of time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:47 AM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

A:trojan horse downloader zlob.AGAL and trojan horse fake alert.CJ

RELEVANCY SCORE 55.6

I went away for a couple days, came back and found these. AVG can't remove them, says they're whitelisted. Symptom is, every time I try to google the file names I get redirected, and I keep getting a windows security asking if I want to unblock stuff.

Thanks, Tom

A:"Trojan horse generic22.BEWG" and "Trojan horse BackDoor.Generic13.BKVZ

Looks like you have a redirected infection. Have you tried running Malwarebytes yet?

RELEVANCY SCORE 55.6

I have probably been infected by trojan horse dialer for over a month so I cannot remember exactly how I got infected but I think it is because I was using IE but now I have permanently switched to Firefox. I have scanned my computer with Spybot search and destroy, adaware, avg antivirus, and vundo both in normal and safe mode. It seems as though I have gotten rid of trojan horse dialer with the vundo tool but then I became infected with trojan horse Lop.as. Every time I do scan my computer with an antivirus tool the viruses and trojans usually show up in the internet cache or temporary internet files. That is probably why I cannot remove these viruses permanently. I regularly get those popups from AVG saying that they have detected the threat of trojan horse Lop.AS. I am running on Windows XP with SP2. The security tools that I run are the teatimer of Spybot, AVG real-time antivirus, and Zonealarm firewall. Now that I think I have gotten rid of Trojan horse dialer.COH my computer seems to be running at the previous speed before becoming infected. However, I still want to get rid of the Trojan Horse Lop.AS since the popup notice from AVG is so annoying. In conclusion, I have come to BC for a permanent solution.

A:I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses

http://www.bleepingcomputer.com/securityblog/2006/10/

Unfortunately, though, this October when the latest batch of renewals and new awardees were admitted we found a new MVP who leaves a bad taste in our mouths. This awardee is Cyril Paciullo, otherwise known as Patchou, and is well known as the creator of Messenger Plus. As a program, Messenger Plus actually has some slick features, but our problem is that this program also comes with a known adware and Trojan called LOP.

What is funny is when Microsoft Security MVP Derek Knight scanned the main executable for Messenger Plus, at the free scanning site VirusTotal, Microsoft was the only vendor that stated that the installer was a threat.

--------------------------------------------------------------------------------

Uninstall instructions in link below:
http://www.bigblueball.com/forums/msn-mess...senger-6-a.html

RELEVANCY SCORE 55.6

My son's Windows 7 computer has two trojan horse infections that were detected by AVG, but AVG was unable to quarantine or remove them [attachments: Trojan 1.PNG, Trojan 2.PNG]. He has known about the infection for some time, but has continued to use the computer. I first became aware of the situation when he asked for help when, on boot up, he got a message "missing operating system." We were able to boot from the recovery disk, but now the infection remains and the system runs extremely slowly. We were able to download and run DDS; however, it does not create the dds.txt file, but only the attach.txt file. We ran it several times, and sometimes it creates the attach.txt file (version attached called attach2.txt) and a couple of times it created a version which includes restore points (version attached called attach3.txt).
 
Internet connection on the computer has been intermittent. It was connected earlier this morning, long enough to download and run DDS and email the attach.txt files to me (I'm doing this post from my uninfected computer). Right now the infected computer is "not connected - no connection available." It should connect to the same wireless network in our home that my uninfected computer is connected to.  ****UPDATE**** The internet connecti... Read more

A:Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

Here are some more files that might help you. They are AVG Resident Shield results [attachment: AVG Resident Shield results 1.png]. There are three more screen shots to this report, but it won't let me upload any more.
