
Infected With: Trojan Adduser, 007spyware, Trojan.clicker.ec, Trojan.poison...and More.

Q: Infected With: Trojan Adduser, 007spyware, Trojan.clicker.ec, Trojan.poison...and More.



A: Infected With: Trojan Adduser, 007spyware, Trojan.clicker.ec, Trojan.poison...and More.

Hello WebDept, Sorry for the delay. We have many logs backed up.

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DSS Main.txt log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll


My laptop became infected today with a Trojan that AVG Antivirus described as Trojan Downloader.zlob and Trojan Clicker.VBE. The trojan caused the PC to crash and reboot after it first appeared, added two porn web site shortcuts to my desktop, and made both IE and Firefox begin popping up a website for "AntiVirus 2009", which I learned from a quick search via my desktop (which is not networked to the laptop) was some sort of scam. The malware also did something that kept me from accessing this web site, the site for Ad Aware, and several other web sites related to Malware removal. I ran a full scan with AVG and it found several files which it quarantined, including "prrunnet.exe" and "msiconf.exe". After that, I cleared all caches and temporary internet files for both browsers, but the pop-ups continued. I then ran Malwarebytes' Anti-Malware and that found and removed 16 additional files. I then rebooted and the pop-ups and web site blocking are gone. I'm still having an issue with the "DCOM Server Process Launcher" crashing, which forces the computer to reboot. I'm also not sure all the malware has been removed, so I'm hoping someone can take a look at my DDS logs. Here is my DDS.txt report, and the Attach.txt file is attached.

Thank you in advance.

* * * * * * * * * *

DDS (Version 1.1.0) - NTFSx86
Run by Patrick Toman at 21:57:58.67 on Fri 01/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Ho...

A:Infected with Trojan Downloader.zlob, Trojan Clicker.VSE

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled.
Since AVG is outdated, please uninstall it using Add/Remove Programs. Reboot after the uninstall.

Download and Run ComboFix
If you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP.
ComboFix will check to see if you have the Windows Recovery Console installed.
If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is f...


It started on or about July 22. First we had popups circumventing our popup blocker. Then I noticed that there was an active connection listed in our firewall connection list that was called "??ool32\??crosoft. Our server had been down for almost a week because of an electrical storm, and we got a new modem with the fix from the broadband carrier. Our security system may also have been down at the same time, but when we did a scan after getting our internet back, there was nothing found. After doing all of the steps recommended before doing the hijack this scan, we were told that we had all of the problems listed in the title of this post, and the House Doctor scan also said that there was an infection which couldn't be quarantined located in D:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-...\A0015881.DLL. The last 3 scans done using the same suggested programs have come back clean. During the last week the computer has begun to freeze and move very slowly. The firewall has also come up with warnings that ??ool32 has been attempting to connect with the internet, but has been blocked... so it is obviously still there. My Hijackthis logfile follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:36 PM, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32&#...

A:W32/backdoor.kzk, Trojan.downloader.purityscan, Java.trojan.exploit.bytverify, Trojan.clicker.vb.dw

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close Ewido anti-spyware. Do not run a scan just yet. We will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Clean out your Temporary Internet files
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Tem...


We have new browser windows opening to ad-based sites (like zedo.com) every 3-5 minutes. It opens mostly Firefox, but also IE sometimes. Also getpack20.exe and getmodule20.exe are active processes. Please help - it makes the laptop almost unusable.

I ran DSS and here are the scans:

Main.txt:

Deckard's System Scanner v20071014.68
Run by May on 2008-07-28 11:23:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
53: 2008-07-28 15:24:13 UTC - RP460 - Deckard's System Scanner Restore Point
52: 2008-07-28 09:20:09 UTC - RP459 - System Checkpoint
51: 2008-07-27 02:39:47 UTC - RP458 - System Checkpoint
50: 2008-07-25 11:37:00 UTC - RP457 - System Checkpoint
49: 2008-07-16 14:27:26 UTC - RP456 - System Checkpoint
-- First Restore Point --
1: 2008-04-29 06:27:47 UTC - RP408 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 504 MiB (512 MiB recommended).
-- HijackThis (run as May.exe) -------------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-28 11:26:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Bo...

A:Infected With Trojan-clicker And Trojan-downloader

Hello there Karl and welcome to Bleeping Computer's security forum. My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: bannerstyle browser optimizer - {d43d4b57-8c99-db69-db24-52667ca4d79d} - C:\WINDOWS\system32\nfxxwnhhpkkij.dll
O4 - HKLM\..\Run: [{0affa2ed-6956-f6af-9500-d039818ed399}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\nfxxwnhhpkkij.dll" DllStart
O4 - HKCU\..\Run: [GetModule20] "C:\Program Files\GetModule\GetModule20.exe"
O4 - HKCU\..\Run: [GetPack20] "C:\Program Files\GetPack\GetPack20.exe"

Click on Fix Checked when finished and exit HijackThis.

M...

RELEVANCY SCORE 107.6

Both Firefox and IE run all the time (Task Manager). In order to use Firefox I must first end processes or restart pc.
How do I remove poison ivy trojan?

RELEVANCY SCORE 107.6

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix
Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...

RELEVANCY SCORE 106.4

Hello,

I have been infected with a trojan Backdoor.Win32.Poison.dbc as detected by Kaspersky Anti virus. Every time I start my pc the anti virus detects this trojan in this directory C://Documents and Settings/User1/Local Settings/Temp . The file getting infected is of some 10 digit number followed by .exe extension like 0851807056.exe . I select it to be deleted when detected. It says the infected file will be deleted when the computer restarts. I restart it again, the previously infected file gets deleted, as shown by my Kaspersky Anti virus. But again it detects another similar file with the trojan. It happens that it only detects when I start my computer or when I logoff and logon again.

Kaspersky Detection Message:
6/15/2008 6:36:54 AM File C:\DOCUME~1\User1\LOCALS~1\Temp\5093433784.exe: detected: Trojan program 'Backdoor.Win32.Poison.dbc'.

I am using Windows XP Professional Service Pack 3 v 3264. I have Kaspersky Anti Virus. Along with that I have had AVG Anti Spyware and Lavasoft Ad-Aware installed also. This problem I am facing since 11th of this month.

So far I have used all the following Anti-Malware tools: (My other posts regarding this problem: Trojan Backdoor.Win32.Poison.dbc )
Antivirus Kaspersky
AVG AntiSpyware
Lavasoft Ad-Aware
MalwareBytes' Anti-Malware
SuperAntiSpyware
COMBOFIX
Spybot Search n Destroy
Grisoft vcleaner
EMSISOFT a-squared Anti Malware
HijackThis

Although I have the log reports of COMBOFIX and HijackThis I have not at all attempted ...

A:Infected With Trojan Backdoor.win32.poison.dbc

Hi trulymadlyforyou,

I'm sorry we couldn't help you sooner but as you can see the forums are extremely busy and our volunteer helpers are at full capacity. I'm subscribed to this topic now and will help you with any malware issues you may have.

Since it has been a while since you posted last and changes may have been made to your system please run HijackThis and post a new log in your next reply.

RELEVANCY SCORE 102.4

Hi,

It seems that I have trojan activity on my home pc. I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'

I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attempt to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?

What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.

I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS version 080805-0,08/05/08 which I try and delete from the warning box.

I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).

I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmful software with mention of one of many trojans. These have been:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan...

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,

I am hoping you can help me. My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

Strange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.

The pop up warnings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back. A spybot scan pointed to 2 entries of Virtumonde.

I'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I can't seem to shift it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:34 AM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Ado...

RELEVANCY SCORE 101.6

Logfile of HijackThis v1.99.1
Scan saved at 6:04:55 PM, on 6/1/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo ...

A:Help: Trojan.bho.aw, Trojan.clicker.small.av, Trojan Ad Clicker

Not sure why you started a new thread while you are already receiving help here:
http://www.help2go.com/component/option,co...topic/p,117824/
You have to understand that this is a waste of our time.
So this thread is closed.

RELEVANCY SCORE 101.2

Hi,

I've searched around a little, but couldn't find anything similar. I have a problem with a trojan infection that won't go away. The pop-up says "trojan-clicker.win32.tiny.h", "trojan-spy.html.bankfraud.dq" and some other things. I've searched around, and it seems not to be dangerous, but it's annoying as hell. I've tried Ad-Aware, Spy-Bot, AVG and Mal-Ware, and it detects it, removes some of it, but it returns after next reboot.

Can you please help me delete it?

This is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:44, on 19.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Progra...

RELEVANCY SCORE 101.2

Today I noticed MS Security Essentials was repeatedly reporting it was removing a threat. When I checked the program, there were multiple instances of TROJAN CLICKER:JS/CHROJECT:A in quarantine. I removed them but they keep coming back.
 
How do I remove this from the computer?

A:INFECTED WITH TROJAN CLICKER

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll dow...

RELEVANCY SCORE 101.2

Please Help, I am desperate. Our family computer has become infected by a trojan called clicker.FR and I can not get rid of it. My computer has become increasingly slow and freezes quite often. I have used avg free edition, adaware, spybot, ewido to try and remove it to no avail. I have posted a hijack this log. Thanks in advance for any help you can offer on getting rid of this. It is very frustrating.

Logfile of HijackThis v1.99.1
Scan saved at 8:00:08 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\Oadaemon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\TrayComm.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Temporary Directory 1 for fra...

A:Infected by Trojan clicker.FR

Please download SmitfraudFix (by S!Ri)

Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop. This is imperative for the tool to function properly. If using a utility such as winzip you will have to direct it there as it will not unzip to the desktop by default. The destination location should look like this (C: being your primary drive): C:\Documents and Settings\User\Desktop\SmitfraudFix

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

RELEVANCY SCORE 100

Hello all,

AVG antivirus detected a virus on my PC as a "Trojan Horse Clicker.SXT" but AVG wasn't able to heal or remove the file. Can someone please help me remove this pest?

Thank you

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:08 AM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe...

A:Infected with Trojan Horse Clicker.SXT

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process....

RELEVANCY SCORE 100

AVG detected C:\WINDOWS\system32\21E28015-B11D-409E-B8EE-618EFAF3503F.exe, if I try to heal it or move it to the Vault it says Requested action is not available for this object. Access to the file has been denied. Computer is slower than normal but the main problem is if I try to run Ewido, Adaware SE, Spybot, CWShredder, Housecall or anything else the scanning stops when it reaches the System\32 part, so I'm at wits end now. I am not that computer smart so be patient with me please. I am running Windows XP Pro, SP1. Any help will be appreciated very much.


Logfile of HijackThis v1.99.1
Scan saved at 5:54:17 PM, on 7/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tppaldr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\...

A:Infected with Trojan horse Clicker.FR

Welcome to TSF!

You may want to print out these instructions or save them as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. It is also important for you not to miss a step and to perform everything in the right order.

=====================================

Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

R3 - URLSearchHook: (no name) - {5038C2CD-C4B9-6A3E-2FCD-CBCE9EC5BFEE} - srbho.dll (file missing)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {01D3F6AE-47D4-4B05-A27F-593AAB3BE0B0} - (no file)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{AEF08151-2C5F-4B6F-8CA4-030465F47396}.dll (file missing)
O2 - BHO: (no name) - {0C50B2CA-E76F-4F0F-8E84-098AEB69C301} - (no file)
O2 - BHO: (no name) - {3E8E3FE2-83D6-447F-9465-797B67D5D2B9} - (no file)
O2 - BHO: (no name) - {938E0D34-316B-4A29-B8E9-3E44F044FD4A} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\{AEF08151-2C5F-4B6F-8CA4-030465F47396}.dll (file missing)

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Show Hidden Files and Folders

Click Start -> My Computer -> Tools -> Folder Options. Select the View tab.
Check - Show hidden files and ...

RELEVANCY SCORE 100

Getting constant alerts from AVG that I am infected with the Trojan Horse Clicker.FR but clicking heal doesn't do any good. I also suspect I am infected with an IE link hijacker as it often takes two or three attempts to get to the correct target page from google. I have a problem with IE - there is no button toolbar or file command menu. And finally I have problems downloading files so I had to use my other pc to download HJT as the download link would not work.

Have followed the steps in the Preparation Guide - not without problems along the way - but now have clean Ad-Aware scans and clean SpyBot S&D. At Step 5 could only get Bit Defender to work and have almost clean result from that. There was one virus it couldn't disinfect or delete (not clicker). Ran the Stinger. Have ZoneAlarm as firewall - bang up to date. Have downloaded the latest window security updates (about 30 of them) but only today.

HJT Log attached. Can you help me please?

Thanks very much...

Logfile of HijackThis v1.99.1
Scan saved at 18:22:09, on 07/07/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32...

A:Infected With Trojan Horse Clicker.fr

Hello,

Please perform my steps in the right order....

I see you are running Teatimer. I suggest you to disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [dmiao.exe] C:\WINDOWS\system32\dmiao.exe
O4 - HKLM\..\Run: [yummj.exe] C:\WINDOWS\system32\yummj.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7864FD14-20D7-476E-9E4B-23140A46B58A}: NameServer = 85.255.116.70,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95F0D99-BE59-4354-A33F-A69CF9234907}: NameServer = 85.255.116.70,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.70 85.255.112.101
O17 - HKLM\System ...

RELEVANCY SCORE 100

according to AVG and Windows Live One Care. One Care identifies file name as c:\windows\system32\bidisplt.dll

I am running PC with Windows XP home. The above mentioned programs fail to remove or cure.

A:Infected With Trojan Horse Clicker.ndn

Have you tried running your scans in Safe Mode?
How to start Windows in Safe Mode

RELEVANCY SCORE 100

For starters, I am on a Vostro 400 computer and use Windows XP (No fancy versions). About 2 days ago, I was informed by Ad-aware (free version) that it has blocked a process attempting to create a file called Win32 Trojan.Clicker. I performed a virus scan afterwards with Ad-aware to find that the virus had gotten into my computer anyways; I think it was from a file titled something like setup.exe that created the Trojan. Anyways, I selected the option remove when it found the Trojan in the scan results and it required I restart my computer. I did so, and performed another scan afterwards.

Ad-aware did not detect the virus anymore, but weird occurrences were happening such as random blank tabs opening without my permission on Mozilla Firefox, taking me to sites with odd URL's. Also, while playing my game, Team Fortress 2, I noticed heavy lag after the first round. I ended up closing the game and it was taking a long time. It loaded me out to a black screen for a while, and I had thought the computer crashed until a big white window popped up on my screen.

This was my "Windows Virus Scanner", or something along the lines of that, that had detected a virus and started scanning without my permission. It claimed it found about 25 different Trojans within the first few seconds of scanning, and I was immediately suspicious. Having dealt with fake Anti-Virus software before, I shut down my computer manually without tampering with everything. I've also ha...

A:Infected with Win32 Trojan.Clicker

Good evening. Your DDS log shows no active real-time anti-virus protection as far as I can tell - how long has this been the case?

RELEVANCY SCORE 100

AVG keeps alerting me of a trojan horse clicker.sxt and in my task manager Internet explorer is running when I'm using firefox and there are times when I can hear an advertisement for a phone or something.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:15 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zune\Zune...

A:Infected with trojan horse clicker.sxt

Hello HyranL27,

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").
Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 pr...

RELEVANCY SCORE 99.6

I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

Microsoft Security Essentials pops up during the scan with the following infection:
Trojan Downloader: Win32/Unruy.D C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here.

Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB

I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Phillips at 14:21:21.10 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]
AV: Microsoft Security Essentials *...

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Please help... This is my first time. I read the Tutorials & I have run all of the tools..... Pretty sure this computer has multiple problems.

In the fog again

A:Suspected Trojan Clicker & Trojan Downloader on XP

Hello inthefog

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

You have two antivirus programs showing on your computer. This can cause you problems so I would suggest you remove one of the two.

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *On-access sca...


Recently AVG Anti-virus (Free) notified me that my system is infected with Trojan Horse Clicker.AJSA. Even though I always try to remove the threat, the next time I restart my system it notifies me that I am still infected with Trojan Horse Clicker.

System: Windows XP Home
Computer: Sony Vaio
HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:09:44 PM, on 7/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program ...


Hello, I am in need of help to remove this virus.

I have tried to remove the file on reboot with HijackThis twice but that didn't work. So my last hope is to come here. Thanks.

It's called Trojan.Clicker.Small.IS
 

A:Solved: Infected Trojan.Clicker.Small.IS


Hi,

I have 'Trojan Horse Clicker.AISD' and would like help on how to remove it. Both AVG and Avira pick it up (though AVG picks it up more than Avira) but aren't able to delete it.

I'm not the most technical person so as much help as possible would be appreciated. I saw that m0le was able to help a user with a similar problem on this thread: http://www.bleepingcomputer.com/forums/t/319644/infected-with-trojan-horse-clickeraisd/

But didn't want to start the same process and thus totally screwing up my computer before I got help from one of the experts on here. Also I tried to run GMER but it kept crashing my computer.

I have attached two files. The first is the initial scan from GMER, the second is the report before the longest crash (7 hours of scanning). I hope that is sufficient. Thanks in advance for any help you can give me.

DDS (Ver_10-03-17.01) - NTFSx86
Run by at 11:30:25.00 on 02/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.206 [GMT 9:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvc...

A:Infected with Trojan Horse Clicker.AISD - Please help if possible

Hello Kegsy

Welcome to BleepingComputer

==========================

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or Avira.

==========

One or more of the identified infections is a backdoor trojan or rootkit. This type of infection has the capabilities to allow a hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact t...


I started getting "abnormal termination/ Microsoft C++ Runtime Errors" in a certain app. I ran the Kaspersky Online scan, and it said I was infected with the virus, Trojan-Clicker.HTML.Agent.a. Here is my HJ log.

Logfile of HijackThis v1.99.1
Scan saved at 8:30:21 PM, on 8/13/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\DAP\DAP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\...

A:Infected: Trojan-clicker.html.agent.a

Hello webfreebies and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log.

The Trojan-Clicker.HTML.Agent.a virus is a virus that normally resides in the IE temporary files folder. It will not show up in a HijackThis log.

There are 2 things you should do. Clean the temporary folders and install an anti-virus program.

Download and install ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Here are 2 free anti-virus programs that are available for personal use (I use these on various machines and they are both good):
Avast Home Edition
AVG Anti-Virus

Choose 1 and install it, update it and then run a full system scan. Let it delete or quarantine anything it finds.

Cheers.
OT


Hi,

My laptop is infected with the Trojan-Clicker.Win32.Delf.cbe virus. Kaspersky keeps popping up with this message that it is infected and deletes the file C:\Windows\System32\midehqjw.dll. But after every reboot the file is there again.

I also got some kind of rootkit virus, kaspersky reporting strange files starting with names like kung*.tmp and kung*.dll and kung*.sys. I couldn't find these files anywhere on my harddrive though (some in memory virus?). It seems UnHackMe tool was able to remove those.

I'm not sure if these two viruses are related though.

I've attached the DDS and attach.txt. log. Any help on how to remove this would be greatly appreciated.

***********

DDS (Ver_09-05-14.01) - NTFSx86
Run by A.C. Ypil at 10:14:04,17 on za 06-06-2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: : {197811d7-bd2e-4de4-b17e-66a912e63ccd} - c:\windows\system32\veplsvp.dll...

A:Infected with Trojan-Clicker.Win32.Delf.cbe

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...


Hi,

I keep getting a message from AVG that I am being attacked by a Trojan Horse Clicker.AISD that shows up in a file in my Temp folder. It says threat detected file name C:/Windows/Temp/nvrp.tmp/svchost.exe Threat Name Trojan Horse Clicker.AISD Detected on open Process name: C:/Windows/System32/svchost.exe. Process ID 1228. It won't let me send it to the Vault and I can't get rid of it. Can we fix this without me having to take my comp to somebody? It's a Dell mini 10v running windows 7 starter in Spanish (I live in Mexico). Thanks

DDS (Ver_10-03-17.01) - NTFSx86
Run by Brian at 11:45:56.28 on Thu 05/27/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.3082.18.1014.360 [GMT -5:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\syst...

A:Infected with trojan horse clicker.AISD

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The...


tried Avg, Adaware, Spybot and AntVir, its been making exe files in my system32 folder AntiVir calls it TR/Click526 and AVG calls it Clicker.FR

Logfile of HijackThis v1.99.1
Scan saved at 4:44:33 PM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\syst...

A:Infected With Tr/click.526 Or Trojan Horse Clicker.fr

can anybody help?


Desktop Sony Vaio, Windows XP + SP3, 1GB RAM.

These four infections - HACKTOOL.ROOTKIT TROJAN.VUNDO TROJAN.PANDEX and TROJAN HORSE periodically try to execute and Norton Security Suite BLOCKS them all. Along with these four, about 16 files are also blocked, all associated - fpq52.tmp (TROJAN HORSE), fpq4b.tmp (HACKTOOL.ROOTKIT), fpq4c.tmp (TROJAN HORSE), fpq4a.tmp (TROJAN.PANDEX), fpq4f.tmp (TROJAN HORSE), fpq4e.tmp (TROJAN.VUNDO), etc.

I am presently running Norton Security Suite 4, F-PROT Antivirus, IObit Security 360, SpyBot-SD Resident, SuperAntiSpyware, Malwarebytes and Secunia PSI. These will not eliminate the infections.

This PC is a neighbor's which originally had the Windows firewall OFF and greyed out, Firefox Google Hijack and the following infections, which are all now repaired -- HIJACK.WINDOWSUPDATE, Hiloti.B.gen!Eldorado, Trojan2.HZYZ, WORM.BDQA, TROJAN.AGENT.APHZ, ROGUE.AGENT/GEN-NULLO(dll), WORM.BLAH. (I mention these to provide a little background info). There were about 50 Windows Updates that were blocked but now installed.

Thanks in advance for your assistance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Leah at 13:31:16.40 on Thu 06/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.95 [GMT -5:00]
AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: F-PROT Antivirus for Windows *On-access scanning enabled* (Updated) {3...

A:Infected with HACKTOOL.ROOTKIT TROJAN.VUNDO TROJAN.PANDEX and TROJAN HORSE

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Greetings all.

I am new to this so bear with me. I read the Preparation Guide and other links, so I think I am ready to post. Here goes.

A couple of days ago, with my laptop at home (running Windows XP), an AVG window popped up stating that I was infected with the following:

Trojan Horse Clicker.AAPC and,
Trojan Horse Crypt.FNK

I ran the AVG Scan and it couldn't remove/heal it. I ran it again, and it appeared to be gone (no threats showed up), but my computer was making constant Internet Explorer-type clicking sounds, even though I wasn't using IE. Anyway, I ran a couple of more AVG virus scans and a couple of spyware scans (Spy Bot) and tried to clean it up. Not sure if all is well with my system. I don't want to use it until I am sure.

Can someone help me and see if my computer is ok? Or, suggest a couple of things I can try? Thanks in advance.

A copy of my DDS.txt log:
DDS (Ver_09-07-30.01) - FAT32x86
Run by Scott at 19:10:19.09 on Wed 08/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.238.38 [GMT -2.5:30]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C: ...

A:Infected with Trojan horse Clicker.AAPC & Crypt.FNK

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello gracious support people,

I downloaded a bad file from my bit-torrent program that installed many viruses on my computer. I tried to do a system restore but no restore points are restoring successfully. My firewall keeps catching rundll32.exe trying to access cpmsky.biz on line. There is also trojan-clicker.win32.agent.afr. Other things that are happening is pop-ups and sound files playing. I used the online Panda ActiveScan and have attached the text file here. Hopefully someone can help!


Hey everybody,

Since a few days AVG-Antivirus keeps giving me alerts that my computer has been infected with Trojan Horse Clickers with .TQR and .SXT extensions. Sometimes my computer makes some bleeping sound (a few in a row) like some kind of warning sign. Next to that I sometimes get an alert by windowsdefender about a trojan horse in Win32. I have tried to get rid of this but nothing is working, they keep coming back. I saw a log posted by somebody else on this site and with the help of someone from Bleepingcomputer he could get rid of these infections (http://www.bleepingcomputer.com/forums/topic178165.html). I hope someone can help me.

PS: I'm not a native English speaker, so I hope I won't make any weird mistakes in my English :-)

This is the HijackThis log that I just did on my computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:38, on 8-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bi...

A:Infected with trojan horse clicker .tqr & .sxt Can someone help me remove them from my computer?

Hi there,

Next to the previously mentioned Trojan Horse Clickers I also have a Trojan Horse Downloader.Generic8.CFK as a last addition to the virus vault of AVG AntiVirus!

Can't wait for some help!

Thanx,
Patrick


Hi Mike !

Don't know what happened!! My windows starts normally, after selecting the user, it displays 'loading personal settings'. After that getting an error 'userint.exe application error'. Reference memory problem. Then it shows my desktop without any Task bar/Status bar and all the icons on my desktop are not displayed. I am accessing the explorer through Task manager using Ctrl+Alt+Del.

Let me know whether this is a virus infection or some problem with windows registry.
thanks
clement

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BC

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj...


Hello! I am so new to all of these! I already searched for the removal of these viruses and read in a lot of forums. All of these forums have logs, etc. involving the precious system files. I don't even understand the logs and I have read instruction on how to remove these but they do not guarantee anything. I am afraid that the PC might malfunction and be sent to the Repair Shop again. (It just got sent 4 days ago) I ran Malwarebyte's Anti-Malware and scanned my computer and found 46 infections. It shows the option that removes the selected files but I'm afraid because these files are categorized as 'Registry Keys, Registry Values, Memory Modules, and Registry Datas'. Should I delete them anyway?

And so, I want a professional, expert, etc. in all of these since I am such a sucker to all of these virus removal stuff.. I want that pro to walk with me through all of these. From the very first step to the very last and that is when the virus will be wiped out.. Please help..

A:Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Please copy/paste the MBam scan log for us to review.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner...


This is a business computer and it is very important that it runs properly, been having issues with it for a week now. I have tried running several anti-virus programs to no avail. Currently using Panda, but used some other free software like AVG etc.

Hoping you can help me, here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:36 PM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files...

A:Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Hi,

"This is a business computer and it is very important that it runs properly"

Not sure if you're aware how severely infected this computer is.

Since you are posting a log from a Company owned computer... There are a few things that need attention first before we proceed with this..

* You must inform your Supervisor immediately.
This because of:
Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.
If sensitive material is compromised by an infection, your company could be held liable.

* Your Company must give permission for us to give you assistance.
This because of:
We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.
There may be sensitive material on your computer that your company would not want revealed in an open forum.

Also, since this is a computer used at work - the first thing I always advise is to back up important files you don't want to lose, this since malware causes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I ca... Read more


Hello,

Problem description:

Noticed that the Microsoft Security Essentials suite (and the firewall) was disabled, and could not be restarted ("The specified service does not exist as an installed program."); after uninstalling and reinstalling the MSE application, the computer would boot and almost immediately shut down (a dialog box would warn of shut-down in 1 minute); I did a restore and the shut-down warning stopped, but MSE was disabled again and uninstalling/reinstalling would produce the same problem.

Next step was to download and run Malwarebytes - log as follows:

////////////////////////////////////////////////////////////////////////////

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
CC2 :: CC2-PC [administrator]

7/16/12 6:41:40 AM
mbam-log-2012-07-16 (06-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195899
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

File... Read more

A:Infected with Trojan.0access / Trojan.Dropper.BCMiner / Trojan.Sirefef

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more


I have done all the preparatory actions. AVG Antispyware tells me I am infected with Trojan.Small.fb but cannot remove it. Spy Doctor scan shows Trojan.Downloader.Ruins and Trojan.DNS Changer.

Here is my HijackThis log. Can anyone help please?

Logfile of HijackThis v1.99.1
Scan saved at 14:49:22, on 01/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLSer... Read more

A:Infected With Trojan.small.fb, Trojan.downloader.ruins, Trojan.dns Changer

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout
http://downloads.subratam.org/Fixwareout.exe
or
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

Fix these with HJT - mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{05F2BA51-171A-4B1D-AE5F-B8515E38E241}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8269A184-3C5F-41F7-A7E9-581E273A2475}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0DCAED8-AC99-4371-811A-DDA8BF12F7D8}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6801D5-625E-482E-AA33-1FD2EB1B2544}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{05... Read more


I was infected with Virtumonde because I had the pop-up window saying I was infected with the one virus that it says and then lead you to another site with a virus scan but I got rid of those I think. The problem that I am having is something is changing my programs so they do not work like Lava soft Ad-aware when I tried starting it the computer would restart on its own and do it every time I tried starting it. I ran VundoFix and that seemed to fix most of my problems but when I ran SpySweeper it still says that I have a Trojan-Downloader-Conhook, Adware Zeno search assistant, enbrowser, sidebyside search and a spycookie Aff6007 cookie. My internet is still acting funny, like when I try to play games on Pogo it says Applet(s) in this HTML page requires a version of Java different from the one the browser is currently using. In order to run the Applet(s) in the HTML page, a new browser session is required. Close all the Netscape browser sessions and start a new browser section to run the HTML page which never came up before I had these Trojans. Why did McAfee Internet Security stop these problems? Every time I run my virus scan it says I am clean, as well as spybot and ad-aware. The only one that says I have a problem is SpySweeper. Any suggestions would be greatly appreciated, sorry if I sound a little confused on what the problem is but I am tired of trying to figure this out thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 7:31:48 PM, on 4/9/2006
Pla... Read more

A:Infected With Trojan-downloader-conhook, Trojan.linun, And Trojan.virtumod

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.


Hello- I am reading through the 'Preparation Guide' and following each step closely for maximum efficiency.

Problems started a few nights ago when I was roaming the internet; I wasn't using my Windows Firewall--but have now enabled it as suggested. I use Kaspersky anti-virus (7.0.1.325) - it told me I'd become infected with various Trojans [Trojan.Clicker.Win32.Delf.cbe, Heur.Invader, etc] --- it listed the affected file as C:\WINDOWS\system32\jvwfeead.dll but was unable to delete the file. I tried to do it manually and it gave me access denied messages. My computer slowed and programs didn't want to open. Everything began to freeze up and I had to manually turn off my computer several times before I could get Malwarebytes Anti-Malware to run... It removed a few files but it can't seem to do anything with 4 files [it calls them Vundo]. I've also run combofix, and it found other files it removed, but it also cannot touch some of them. One of the programs mentioned this file is infected: c:\windows\system32\mwvzxdl.dll (although I cannot remember which one) -- however none of my programs will let me delete it, nor does it allow me to manually delete it.

My system is now running fairly smoothly, but I know I am still infected. Visiting sites like 'deviantart' causes my system to go into a frenzy, and the virus seems to redownload itself at random. I haven't had any popups---just extreme slowness, programs freezing or refusing to load, etc. And t... Read more

A:Trojan Dropper/Clicker/Vundo/Heur and other nasties have infected me...

Hello Lisa and welcome to BleepingComputer.com.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

I am currently looking at your thread and will post back with instructions soon,

regards _temp_


Hello.

Firstly thanks in advance for your time.

My machine, an old compaq armada e500 isn't very fast but lately it's got very slow. Also at times there seems to be a lot of disk activity when I'm not actually doing anything. The Task Manager shows System Idle in the high 90 % yet the disk is whirring away like crazy.

Protection installed as follows:

Comodo firewall
AVG anti-virus
Ad-aware
Spybot search & destroy
Superantispyware

I update and run these fairly regularly and also run CCleaner

I ran an online scan with Kaspersky and it showed

D:\Documents and Settings\Administrator\My Documents\MyStuff\Downloads\SpySweeper\ssf-snr-a-setup481.exe/file13 Infected: Trojan-Clicker.Win32.Small.tl skipped

D:\Documents and Settings\Administrator\My Documents\MyStuff\Downloads\SpySweeper\ssf-snr-a-setup481.exe Inno: infected - 1 skipped

and

D:\Documents and Settings\Administrator\My Documents\MyStuff\Downloads\Zonealarm\KYLG\FamilyKeyLogger\cisvc.exe Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.230 skipped

Spysweeper, I can't recall downloading or installing tho' it's possible I did or my son did.

Keylogger I did install and uninstalled quite a long time ago.

I have followed the pre-post steps.

here is the text of the DDS scan

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-08 10:38:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed ... Read more

A:kaspersky shows Trojan-Clicker.Win32.Small.tl & Inno: infected - 1

72 hour bump


I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malbytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not used to be there. I am getting a number of random error messages, and Malbytes is sometimes deleted and I have to reinstall it. Also, random .tmp files seem to pop up. Thanks in advance for any help you can provide.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jordan at 1:53:18.65 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program File... Read more

A:Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo... Read more


Avast first alerted me to an infection, which I quarantined, called Win32:malware.gen. I followed some forum info after quarantining the malware which suggested I download Malwarebytes and run a scan. I have done this several times and Malwarebytes continues to find infected .dll files described as TROJAN.HILOTI.GEN, TROJAN.AGENT, and TROJAN.VUNDO.

I followed all the prescribed methods from this website from here:
http://www.bleepingcomputer.com/virus-remo...undo-virtumonde

Neither Vundo Fix or VirtumundoBegone found anything. Malwarebytes keeps finding .dll files every time I run it.

Note: I had to rename the mbam.exe file in order to run it. I could download it, but it wouldn't run unless it was named something else.

I am now following the instructions from here:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Note: I can not run GMER without my machine crashing so I can not attach the required ark.txt log. Finally, once when running MBAM my Avast kicked up a warning that it had stopped malware from executing and gave the reason that Malwarebytes had triggered it.

I would appreciate any help on this. I'm at the end of my rope. I've been trying to eradicate this for 3 days now. All my important files have been burned on a CD-R so I am willing to nuke the whole drive/OS if that is required.

Thanks in advance and I hope to hear from someone soon.

So I will now post the DDS.txt report as requested a... Read more

A:Infected with TROJAN.HILOTI.GEN, TROJAN AGENT, TROJAN VUNDO

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more


think i have poison.o trojan
any way to make sure my system is virus free?
if a helper post i pm details of the file i ran!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:24, on 17/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\sttray.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Andy\Documents\AWB\AutoWik... Read more

A:poison trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba... Read more


1. My HP P dv4 2045, Windows 7 Home Premium w/Service Pak 1,64 Bit, with Symantec End Point Protection VER 12.1.1000.157 RU1 is infected with Trojan.Zeroaccess.B and Trojan.Gen2 and Trojan.Gen.

a. I can't even get on the internet, having to use my wife's machine!
b. I followed instructions provided at your This Guide link.
c. The only thing I did different is I turned off my antivirus until I finished running Defogger and DDS. Interestingly, I tried to get on the net and was able to but was redirected so I got off and enabled my antivirus again.

2. I was able to get both the DDS.txt and Attach.txt and they are attached.

3. Original Post: http://www.bleepingcomputer.com/forums/topic464429.html/page__pid__2798030#entry2798030

EM

A:Infected w/Trojan.Zeroaccess.B and Trojan.Gen2 and Trojan.Gen

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more


I am running Microsoft Security Essentials, Malwarebytes' Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by akparker at 19:54:02 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1066 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e... Read more

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more


How can I remove this trojan Horse? I am unable to remove it through avast and malwarebytes. Is there any idea to remove without harming the file system. Please help

A:Trojan Horse and backdoor.poison

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Using AdwCleaner v3: Scan & Clean:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will ... Read more


Hello,

Just Joined this forum......Its gr8.......

Since two days back my anti virus (kaspersky) started detecting a trojan program namely, Trojan Backdoor.Win32.Poison.dbc and this detection occurs everytime I restart my laptop. The infection gets detected and after I select it to be deleted in Kaspersky, it states that the infection is neutralized but will be deleted when ur computer is restarted. So I restart it again but as it happens the same trojan again gets detected and the procedure continues. But if i just continue using without restarting, but of course neutralizing the threat, I dont seem to get any problem (I guess so). But obviously I would want the trojan to be cleared.

Anyways, the trojan always is detected in the temporary file folder, that is, C://Documents and settings/User1/Local Settings/Temp.

The file getting infected is of the form - C://Documents and settings/User1/Local Settings/Temp/ followed by some 10 digit number and .exe extension.

I am having Windows XP professional service pack 3 installed on my laptop. And I hav Kaspersky antivirus as well. Besides these I hav also tried AVG Anti Spyware and Ad-Aware programs.

I just now ran COMBOFIX. After finishing with it and restarting the trojan was again detected at startup. I dont seem to understand how the trojan gets started at startup and with what file it is linked to or whatever is happening. I do not have much knowledge regarding this subject and I hope to get some help from experienced use... Read more

A:Trojan Backdoor.win32.poison.dbc

You should not run ComboFix unless instructed to do so by a malware removal expert. It can really mess up your system if you're not careful.

Run a full system scan with Malwarebytes' Anti-Malware in Normal Mode.
Then run a full system scan with SuperAntiSpyware in Safe Mode.
How to start Windows in Safe Mode
