
Trojan backdoor possibility

Q: Trojan backdoor possibility

Hello! I'm having a hard time with my Windows updater, especially the security updates. They are failing and refusing to update; what can I do? I ran AVG the other day and it brought up trojan backdoor infections and put them in the virus vault, but I don't think all of the infection is out of the computer. I have run AVG again, nothing. Spybot Search and Destroy, again brought up nothing, and I've run Malwarebytes Anti-Malware, and again, nothing. I am running on Microsoft Windows XP Media Center Edition Version 2002 Service Pack 3. Thanks for your time.


A: Trojan backdoor possibility

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.


hey there

So for a couple of days my computer has been acting weird. I check my Yahoo and Gmail mail, and when I send out email and go to the sent folder it's marked as read, even though I don't read my sent mail. Yahoo can't help, and a password change didn't help either.

Also my computer is kinda slow now. I'm not very good with computers but I ran Trojan Killer, avast, a-squared, Spybot and AntiVir and couldn't find anything. (Maybe trojans or whatever are 'covered' as a normal file or program?)

Now I wouldn't be so worried, but my mom has a hacker for sure in her system; even the police confirmed that. People shut down her PC, open and delete pictures, log into her online accounts, cancel orders etc.

Does anyone know what this could be? I appreciate any help that I can get.

Here's my logfile

Logfile of HijackThis v1.99.1
Scan saved at 19:08:05, on 05.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\A... Read more

A: possibility of hacker, backdoor, man-in-the-middle?

No one so far?
Btw I'm trying to create a Kaspersky log file but the online scanner keeps stopping around 6990-7069 files.

I wish someone could help :(


Referred from here: http://www.bleepingcomputer.com/forums/topic403674.html ~ OB

Have reinstalled Windows and both entities are still present and the slow crunching sound of the hard drive is occasionally heard. Have not had any luck reformatting the disk. Have changed boot order in BIOS but still find operating system will boot from hard drive over the CD-ROM. Was going to attach hard drive to another computer and format it there as the operating system would not be in use on the infected drive but then saw your reply and here are the logs. Remember I have reinstalled Windows and removed all extra programs prior to. Question: can the BIOS get affected with a virus issue like I have? I did trial 10 bit products security 360 and Advanced system care 4 and have a feeling that this is where the infections have come from. Thank you for your help.

DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 7.0.6001.18000
Run by gino at 23:35:04 on 2011-06-17
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.6142.4972 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalSys... Read more

A: Trojan and worm removal W32/Cubot-J worm and IRC backdoor and Backdoor.Fuwudoor backdoor Trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more


Quickly just some issues I have faced when I followed your instructions.
-DDS did not install as it said that my system (WinXP 64) was not compatible
-GMER did not have all the boxes available (Only services, registry and files were non-greyed)

The suspicious .exe is xeuiwe.exe. I cannot find it using search, nor kill the process in msconfig, but can kill it after boot using Task Manager; it is also taking up 30% of my CPU. An older scan using MBam said it removed Holita. Running a scan using Ad-Aware.

Uploaded hijackthis log, GMER log and MBam Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:08, on 11/02/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\Administrator\xeuiwe.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page... Read more

A: Trojan.Holita Possibility

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more


Hello Everyone,

I am sincerely hoping that someone here might be able to provide me with some assistance. In the past, I've usually been able to resolve most of my PC issues myself, even with my limited knowledge, thanks to the help of my Firewall/Anti-Virus suite, Ad-Aware and Microsoft Updates. However, this problem has me very confused and I thought it might be best to turn to someone who might know more than myself about the problem, so here goes:

A few nights ago, I was surfing the internet and an alert popped up from my Trend Micro PC-Cillin Internet Security Suite 14 Real-Time Virus Protection. It said that something named Possible_HiFrm-5 had been detected and advised me to run a virus scan. I ran a virus scan and it found Possible_HiFrm-5 but did not give me the option to clean or do anything more with the file. Since it was located in the Temp files, I located the file and deleted it myself. I thought I had resolved the problem. However, the same scan also found TROJ_FAKEAV.ILA, I was able to quarantine this file. Again, I thought that the problem was resolved.

Today, I was surfing the internet and I began getting pop-ups from the following URLS:

http://www.vidshadow.tv/channel.asp...1B-A544-6BF942B8E8BB&cn=gunggo-anid=790001101

http://www.vidshadow.tv/channel.asp...1B-A544-6BF942B8E8BB&cn=gunggo-anid=790001101

I ran Ad-Aware and a virus scan. Both programs are up to date. I was not able to find anything in either program. I'm very much ... Read more

A: Sudden Popups. Possibility of Trojan? Please Help! :(

Hi, Welcome to TSG!!
Download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 


IE, Chrome and Firefox all experience the same symptoms. I type in nearly any search into the address bar, or in Google, it comes up with genuine search options in Google's page, I click on a link in the search, then it sends me to a not-legitimate page, or through a link to a different page (as if I clicked on an affiliate link).

Avast did not detect it at all; used Ad Aware to scan and remove, and it only detected 3 adtd cookies. Malwarebytes detected Trojan.VBKrypt and Backdoor.Bot and removed them, which temporarily (I mean 2-3 searches at most) stopped the issue. Uninstalled Avast and installed McAfee Total Protection Service which detected Generic.dx!iqs, Generic.dx, BackDoor-AWQ, Generic.dx!gic, and MWS. All removed, but as you can guess, the issue still persists.

Attached is the Attach.txt file.

Attached are a few files of RootRepeal crash logs. RootRepeal has a ton of errors causing me to not be able to scan or collect a log of any kind. Errors include 'FOPS - DeviceIoControl Error ! Error Code = 0xc0000024 Extended Info (oxoooooodc)', and when I attempt to scan, error 'DeviceIoControl Error ! Error Code = 0x0' appears. I'm guessing it might be because I'm using Windows 7...

Please advise on possible tasks and solutions. Thanks.

The following is my DDS.txt log file:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike Faria at 14:34:34.42 on 20/12/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows ... Read more

A: generic.dx, backdoor-awq, mws, trojan.vbkrypt, backdoor.bot - browser redirects on searches

UPDATE - A day later, McAfee Total Protection Service detects Hiloti.gen in svchost.exe. All of these files pop up in c:\Windows\TEMP\filename.tmp\svchost.exe. Hundreds pop up, all throughout the day whether or not I am here. I left my PC on and came back to over 200 to delete. Anyways, I did a bunch of searching on Google and BC, on a different PC since this one sends me to illegitimate sites to buy their program... Result = no one has an answer. It seems every forum I go to, people are instructed to run scan x with x program, then run scan y with y program, etc. with the post unending, full of log files and no solutions. I'm still holding out hope

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular ... Read more


Ok I spent the evening trying to fix my cousin's computer. I was removing spyware and she said she had a problem with available memory. I checked it out and she has an 8 gig HD with only 61 MB available. So I scanned with her un-updated Norton and it detected a trojan virus. So I updated her Norton first then scanned the HD and it found the following viruses.

Pic.exe Backdoor.SubSeven2
Shawn1.jpg Backdoor Trojan
winsys98.bat IRC Worm Generic

Norton found them but was unable to remove and fix the problem...all it could do was quarantine the files. Anyone have any advice?
 

A: Backdoor Trojan, Backdoor SubSeven2 and IRC Worm Generic


Using Windows XP Home Edition and Microsoft Antispyware Beta 1 I came across problems logging into partypoker.com as every time I logged in the above noted spyware Trojan.Backdoor.Small.FB Backdoor spyware was picked up by my spyware program and I had to delete it. My spyware was a freebie and running out soon so I went online and downloaded the new beta 2 Microsoft Defender. Big mistake.... slowed everything down and started getting all kinds of disconnects and black screens, etc. etc. Anyway deleted the beta 2 and then reset my computer to previous date to get the beta 1 back and now the beta 1 isn't working either. Am also using AVG anti-virus program and that full scan comes up clean. Everything seems to be there, however, when I click on run scan for the spyware program nothing happens????? Any suggestions for a good spyware program download other than Microsoft? Thank you.
 

A: Trojan.Backdoor.Small.FB Backdoor Spyware


I have run ad-aware and spybot. I have Norton Antivirus 2002. About/blank takes over start page, "unable to repair" pop notice from Norton regarding backdoor trojan, backdoor agent, and download trojan. HELP
 

A: about/blank - backdoor agent b - backdoor trojan

Hi bogey6438

Welcome to TSG!

Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download and save the file to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program.

Click the "Scan" button. When the scan is finished the scan button will become "Save Log"; click that and save the log.

The log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
 


It started on or about July 22. First we had popups circumventing our popup blocker. Then I noticed that there was an active connection listed in our firewall connection list that was called "??ool32\??crosoft". Our server had been down for almost a week because of an electrical storm, and we got a new modem with the fix from the broadband carrier. Our security system may also have been down at the same time, but when we did a scan after getting our internet back, there was nothing found. After doing all of the steps recommended before doing the hijack this scan, we were told that we had all of the problems listed in the title of this post, and the House Doctor scan also said that there was an infection which couldn't be quarantined located in D:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-...\A0015881.DLL. The last 3 scans done using the same suggested programs have come back clean. During the last week the computer has begun to freeze and move very slowly. The firewall has also come up with warnings that ??ool32 has been attempting to connect with the internet, but has been blocked...so it is obviously still there. My Hijackthis logfile follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:36 PM, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32&#... Read more

A: W32/backdoor.kzk, Trojan.downloader.purityscan, Java.trojan.exploit.bytverify, Trojan.clicker.vb.dw

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Ewido Anti-spyware and save that file to your desktop. This is a 30 day trial of the program.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports":
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close Ewido anti-spyware. Do not run a scan just yet. We will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Clean out your Temporary Internet files
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Tem... Read more


I got two different names for a trojan yesterday and today, and after completely running your "5 steps before posting a log" I am finding no trojan at all! I know this sounds like a good thing, but I'd like some explanation if possible. I am running Windows XP Home.

Yesterday WebRoot SpySweeper found trojan-backdoor-progdav, which I eliminated on 2-17-07 by using TetonBob's excellent instructions. Today I re-used those instructions, but the target files were not found, so I ran SpySweeper again - and this time it found a different problem: trojan-downloader-ruin.

So I used POADB's instructions (provided to jack5000 on 4-25-06) for removing trojan-downloader-ruin: downloaded CleanUp!, Ewido with updated database, and FixWareout; ran FixWareout online; then ran HiJackThis offline in safe mode. HJT didn't list any of the items that jack5000 was told to delete. The file to manually delete (C:\WINDOWS\\System32\dmeue.exe) also was NOT present. Then I ran my first Panda scan.

Finding none of the target files, I went to TechSupportForum's "5 steps before posting a log" (now realize I should've done first.) Took ages, but the only things found were 1 malware program (Viewpoint Media Player, which I removed in Step 1), & 7 tracking cookies (which I quarantined using Ad-Aware SE in Step 2). In Step 4 no service packs were missing - only upgraded IE (which I never use - I'm a Firefox user) to IE 7.

After all of this, I decided to run SpySweeper again, and thi... Read more

A: Trojan change from trojan-backdoor-progdav to trojan-downloader-ruin, no target files

Welcome organicbarb

Are there any current spyware symptoms?

Your logs look fine
You can delete
C:\install.dat
C:\dnsbak.reg
C:\fixwareout
fixwareout.exe and combofix.exe

You should update java, afterwards this old version should be uninstalled.
J2SE Runtime Environment 5.0 Update 2


I followed the instructions on the hijack this prep and below is the file. I am very concerned that I can't seem to get rid of some unusual files in my msconfig startup and running processes. Unidentified items in msconfig. startup are Zeno is under C:\WINDOWS\system 32\pwinqsap.exe CORN001, Z_Start C:\WINDOWS\system32\dwdsregt.exe CORN001, Then under SOFTWARE\Microsoft\Windows\CurrentVersion\Run are : 9339047 C:\PROGRA~\9339047\9339047.exe; sd "C:\PROGRA~1\AUTOST~1\sd.exe" --checkOnly; mhnn "C:\Program Files\Obla\mhnn.exe" -vt ndrv The mhnn is also in the task manager as a running process. I cannot find any of these listed in windows explorer or my registry.

Logfile of HijackThis v1.99.1
Scan saved at 6:35:30 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared... Read more

A: Backdoor.dsnx, Hacktool, Trojan.cmapp, Download Trojan, Trojan.downloader.gen,

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log


Hello,
I have run Superantispyware, AVG antivirus and AVG antispyware on my PC. AVG has detected Trojan Horse Backdoor Generic6 AMA and Trojan Horse IRC Backdoor Sdbot2 REN and XIN. That is it, however I feel something is still in me (strange outgoing traffic). Could you pls check my HJT log and say if everything is OK or not?

Thanks!
 

A: Trojan Horse Backdoor Generic6 and Trojan Horse IRC Backdoor Sdbot2


I'm running on Windows XP Media Center. I've been using Webroot's Spysweeper and PCtools antivirus, and I've constantly picked up the same alerts every time I run a scan and removing them. After removing them and rebooting my computer, I get a fakealert on my taskbar which I can't seem to remove either. I've also tried booting in safe mode and running a scan, but that didn't work either seeing as how everything seemed to come back as alerts when I restarted. I've also noticed that Windows Defender has an error when I startup my computer. That's the most I can recall happening. I've temporarily removed the red circle with the X on it (fakealert) that advertises some spyware product by closing explorer.exe from my process tabs and restarting it with run.

A: Trojan Zlob, Trojan-backdoor.gen, Fakealert, Trojan.dl.winrean.a

Hello Kanko and welcome.

Please run this first, post back the scan report and tell us how the PC is doing now.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message ... Read more


Hi,

My Symantec was sending messages regarding trojan.vundo, trojan.metajuan and backdoor.trojan. I found some info that led me to your combofix tutorial, which I ran and now the PC seems fine, though in the tutorial it is strongly recommended to post the log. Should I?

Thank you!!
-Cristina.


Norton 360 did idle scan and found Backdoor.Tidserv (which I believe it found when I first got Norton, about 10 days ago). Now, I have Tidserv, two cases of Biteverify, and 6 unnamed trojans. Another manual scan revealed nothing but 8 cookies but I know these things come back unless you try hard at deleting them. My computer is experiencing no symptoms. I have no logs to show you. If this doesn't belong here, I'm sorry, but this computer is rather new and I don't want it going down.

A: Norton found Backdoor.Tidserv, Trojan.Biteverify, and unnamed Trojan horses.

Could someone help me with this please? I know Tidserv is a nasty rootkit that you guys seem to know how to kill. It might be gone, but I want to make sure because I thought it was gone a week ago and it was still there. Still no symptoms.


Hi Everyone,

Few days ago my dad opened an email which as you can see delivered all above viruses and trojans. Since then I have been going through the logs and system registry and cleaning all the trojans. I have used Symantec (Norton), Ad-aware, Spybot, Xoftspy and few other spyware and adware removal tools. I have gone through step by step removing each and every file explained in many websites, but the bloody thing keeps coming every time I restart the PC. Oh yes, I have made a bootable CD and removed it from boot sector and memory as well but it didn't help! Don't laugh but I was so pissed off, I was about to remove the motherboard battery! haha (joke)

Ok, I'm not too experienced in PC like you all but I do ok, however, I need your help. First of all, the PC is 100 times slower! I get a red desktop with few internet links in it (of course "warning you have spyware, click here to remove it"). I can not remove this desktop because every time I go to remove it, the mouse won't click on any other desktop picture in display properties.

Every time I log into Windows (XP Pro SP2), I see about 20 weird .exe files loading in task manager. They are all in system32 directory. I remove them, then they show up with a different name such as QLP.EXE, or KPE.EXE etc.

THe most important effect is that I can not see the desktop files at all! I only have Recycle bin and on the desktop. I tried to search for the directories but they are not there, however, the search result sho... Read more

A: Trojan or Virus, Bloodhound.Packed, Backdoor.Mutny, Trojan.Startpage and Dloader-FC

run Kaspersky as described here
http://forums.subratam.org/index.php?showtopic=3466&hl=bube

then download this attachment, to the desktop, rightclick it & rename it to fix.reg and double click it and say yes to the prompts to merge with the registry then post a new hjt log please

http://forums.techguy.org/attachment.php?attachmentid=53089
 


Good evening, Bleeping Computer Gurus! I have been having this problem for about a month. I thought I cleared it up back on the 8th using Malwarebytes' Anti-Malware, but it keeps coming back. I am a little embarrassed to say that I do IT tech work for a living and can't seem to fix this issue. I've been stubbornly trying to fix my problem by my lonesome, and I'm now swallowing my pride and asking the experts for help. Any questions, considerations, advice, or criticisms are warmly welcome.

I always update both AVG and Malwarebytes' Anti-Malware before scanning. Malwarebytes' updates ok, but AVG must be updated manually via directory each time. Recently, AVG finds nothing. On the 8th, 9th, and 10th, AVG found: Downloader.Swizzor.JVP, Generic_c.AGFX, Downloader.Generic2_XQU, and Defiler. Most of the time Malwarebytes' finds something. However, it doesn't always find anything, and it isn't removing the underlying problem. I can verify infection even when Malwarebytes' finds nothing by clicking through Google to AVG (e.g. search "AVG" in Google) and usually 1 out of about 20 clicks will be redirected. An example redirected URL is <http://www.free-download-place.net/avg/index_promo.php?source=CCN-CD277-MIVA-avg> and <http://us.peeplo.com/search/?q=avg&from=adg5> instead of <http://free.avg.com>. Also used to verify is Steam, as it will immediately close without a crash report when the redirector is active and messing with its network requests....

A:Browser redirects w/ Steam crashes: Trojan.Gumblar, Trojan.Agent, Backdoor.Bot, etc.

Hi,

Uninstall these vulnerable Javas:
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1

Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Please download GooredFix and save it to your Desktop.
Double-click Goored.exe to run it.
Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

Download ATF (Atribune Temp File) Cleaner? by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Download the latest version of Kaspersky Virus Removal Tool
* Close all other applications and dou...

RELEVANCY SCORE 46.4

DDS (Ver_09-05-14.01) - NTFSx86
Run by gus at 0:50:16.98 on Thu 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\...

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...

RELEVANCY SCORE 46.4

k... i'll keep this short n sweet. i was browsing the web with a FULLY updated ie (first mistake), windows 7 (second mistake) and java (HAHA... ugh), and i was on rlslog (evil, EVIL website) and msse (FOURTH mistake) "intercepted" 'alureon.fl' (of course, AFTER it had 'installed' itself on my system... wut a useless pile of @#$%). i knew this trojan just HAD to be similar to 'smitfraud' (which i KNEW was bad, because ive removed it from several systems in the past). anywho, i IMMEDIATELY shut down my pc and proceeded to look up removal instructions online (using my jacked up vzw droid incredible with its half baked gingerbread (2.3) FORCED update (ugh), and the best i could come up with on how to remove the tdss 'strain' was:
1) tdsskiller (which didn't seem to FULLY work because...
2) anti virus scan (msse had me use msse 'offline' mode which found quite a few 'alureon' entries)
3) mbam (which found a couple of pum. (sp?) '.startmenu.' entries
4) combofix (which I GUESS (and please, PLEASE help me out on this one) took care of the rest of the 'aftermath' (missing start menu shortcuts, etc (i don't believe the trojan actually ever 'hid' any of my files (i've heard some strains do that, but i seem to see everything on my desktop and in my downloads folder and documents folder (etc) i'm not missing anything... am i?
AAAND...
5) otl (which i can't seem to 'login' to t...

A:alureon.fl (tdss family) backdoor trojan rootkit -- worst trojan EVER!!!

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

RELEVANCY SCORE 46.4

Hi,

I've run SpyBot and AVG Anti-Virus programs and Trojan Horse BackDoor.Generic11.HCO (corresponding to C:\Windows\system32\ativvax.dll) and several tracking cookies are picked up. Yet, I'm still not able to remove the listed items. Can anyone assist me?

A:Trojan Trojan Horse BackDoor.Generic11.HCO and Tracking Cookies/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

RELEVANCY SCORE 46.4

Came across a laptop at work today that had Windows Update, Windows Firewall, Windows Defender and Microsoft Security Essentials all disabled (one of those even reporting that it was by GPO).
 
Scanned the system with Malwarebytes and found the following viruses:
 
Trojan.Ransom.Gend
Trojan.Dofoil
Backdoor.Bot.ED
 
Scan that caught these was a quick scan.  Rebooted into safe mode and ran a full scan and it came up clean.
 
What scan should I do next?

A:Infected laptop Backdoor.bot.ED, Trojan.Ransom.Gend and Trojan.Dofoil

Hello,

"Scanned the system with Malwarebytes and found the following viruses:"

Can you please post up the log file of this scan that documents these findings?

And in addition, please run a FRST scan:
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

RELEVANCY SCORE 46.4

I may have plugged an infected flash drive into my brand new Acer Aspire 5730 running Vista. I wasn't sure if the drive was infected, so I plugged it in, didn't access it, but scanned it with AVG Free 8.0 and Malwarebytes' Anti-Malware. The Anti-Malware scan turned up multiple instances of Trojan.zlob and Backdoor.bot, and AVG picked up nothing. I removed the flash drive and ran a full scan with both programs on my laptop. Again, AVG picked up nothing, but Malwarebytes' picked up the exact same instances of Trojan.zlob and Backdoor.bot now on my laptop. The log lists the locations of the infected files as:

C:\Users\Default\My Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.
C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.
C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

Please note that when I originally scanned my flash drive, the exact sam...

A:Possibly Infected with Backdoor.bot, Trojan.zlob, and Trojan,vundo

Hello MissCarol
Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new Rsit log.

RELEVANCY SCORE 46

I have never tried this before and any help would be much appreciated. Last Friday (7/10/09) my computer was infected with the System Security Virus after my husband clicked on a picture in craigslist. Desktop went to blue screen with "warning you computer is infected..." after a few minutes the computer was useless. My brother who has some computer knowledge did his best and cleared out most of the infection. Now, although I am able to use the computer, the backdoor trojan Win32.Trojan.TDSS is definitely still there. On occasion I get a warning from ad-aware that says malware is found. I have run both ad-aware and malwarebytes repeatedly and it just cannot clear out this virus. We have located the *.bmp files that were the warning screens and deleted those also. Both ad-aware and malwarebytes can locate the files but cannot remove them even after a reboot. Monday (7/13) after a long day of working on it we thought the system was clean but at approximately 1 am my computer speakers started playing Michael Jackson songs. Couldn't find on the computer where it was coming from and after two songs it ended. So I scanned with ad-aware and it found the same virus again. Malwarebytes has found UACinit.dll. I am pretty sure this is a nasty backdoor trojan and a rootkit virus that is totally screwing up my system. It is functional at the moment and we have already gone on different computers to change all sensitive information and haven't accessed i...

A:Infected with backdoor trojan Win32.Trojan.TDSS

Hello about the TDSS..

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

To clean please post your MBAM (Malwarebytes) log
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows M...

RELEVANCY SCORE 46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:48 PM, on 8/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\dbssys\DBSNTS.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WinLivePatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\program f...

A:Hijackthis Log: Please Help Diagnose - Backdoor.trojan / Trojan Horse Etc.

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator priv...

RELEVANCY SCORE 46

Help me, I just clicked on a link provided by a fellow forum member and instantly I became infected badly with multiple viruses and spyware. Some of them are backdoor trojans, a trojan horse and a couple of others. I cannot get ipu to close off of my close programs menu. Hurry, please help me. This happened while testing the McAfee problem that I may have had causing excessive freezing of Windows and IE. What should I do? Are there any virus killers that can be downloaded to get rid of this nuisance? The popups are at an extreme level.
 

A:helppppp I got a virus trojan horse backdoor trojan. and others!!!!!!!!

Go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

RELEVANCY SCORE 46

Hi, you helped me disinfect one of my computers, now I have an even bigger chore with another computer. It is so infected right now. I have found the Trojan Crypt.B and Trojan IRC/backdoor.sdbot.myx viruses on my computer. I tried to follow the instructions for what you're supposed to do before you post a HJT log. Unfortunately my comp won't show me the add/remove programs. I did my updates for what it would let me download and ran all the virus and spyware scans. Hopefully you can help me with this problem.

Here is my HJT

Logfile of HijackThis v1.99.1
Scan saved at 12:01:51 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\HEYWOO~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microso...

A:Trojan Crypt.b and Trojan backdoor virus problems

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.


Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:


Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/p2pnetwork.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html


Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer If it finds any malware, it will offer you a report.
Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

Restart and run a new scan with...

RELEVANCY SCORE 46

Spy Sweeper found: Trojan Horse found: trojan-backdoor-securemulti.
I have no idea how to clean this. I got it through a link over MSN Messenger. When I try to quarantine it from Spy Sweeper it doesn't do anything, and when I try to use anything to do with HijackThis it automatically shuts down the file or program.
HELP?!!! PLEASE
 

A:Trojan Horse found: trojan-backdoor-securemulti

Welcome to TSG

What location was it found in?

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

RELEVANCY SCORE 46

Hello:
Please help me. My computer is infected and I don't know how to get rid of the viruses. I have the following security software...
a) zonealarm
b) avg
c) avira
d) spybot search and destroy.

AVG found a month ago the virus Trojan Small in my laptop, I managed to delete the file in safe mode but I was sure there was still something dodgy in my computer. Today I got infected with another virus (trojan horse backdoor sdbot2 cfl). I found the file in: windows/system32/etc/hosts but the second time I ran the scan it wasn't there anymore. I am sure I am infected but my antivirus detects nothing now. Please please, help me.
Yours Truly,
Mike

A:Trojan Horse Backdoor Sdbot2.cfl and Trojan Small.FR

Sorry forgot to add my hijackthis info...

Logfile of HijackThis v1.99.1
Scan saved at 21:04:07, on 21/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\h...

RELEVANCY SCORE 45.2

Uncontrollable pop-ups, Conficker worm, slow start-up, unable to access web pages, AVG anti-virus software not working. This is a teenager's computer, no telling what was downloaded or when.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 17:49:29.59 on Tue 04/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.195 [GMT -6:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\116177960.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\...

A:generic trojan dialer & backdoor trojan

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asks you to install Recovery Console, please do so. It will be in your best interest.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

RELEVANCY SCORE 45.2

Hi

My problem started over a week ago when I was browsing online and noticed the McAfee security center had stopped working. I was unable to restart it (MISP shell has stopped working). I clicked on windows update and would get a quick flash or the browser would open to the site and then just hang. Then I noticed add/remove programs wasn't working (I downloaded a program Your Uninstaller! to uninstall McAfee thinking that might be the problem but uninstalling did not make a difference). I (stupidly?) tried system restore but it didn't help. Since I've been trying to troubleshoot this, many more strange things have happened (not being able to run certain programs -- Quickbooks for one -- and some scanning and security software I've tried to download doesn't work). I downloaded and updated Malwarebytes, ran it and came up clean. I did the same with Super AntiSpyware, running it in safe mode and found nothing. Also ran ESET scan. Tried to download Dr. Web Cure it but it wouldn't download so I downloaded a free 30-day trial of Dr. Web AntiVirus and ran a (16 hour!) scan in safe mode. I saved an Excel file from the scan window because sometimes I can't save logs!

Data1.cab/_1_ccp_o1.exe\data001;C:\Program Files\Intuit\QuickBooks 2006\Components\PConfig\Data1.cab/_1_ccp_o1.exe;Probably BACKDOOR.Trojan;;_1_ccp_o1.exe;C:\Program Files\Intuit\QuickBooks 2006\Components\PConfig;Container conta...

A:Possible backdoor trojan/Trojan Startpage 1505?

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo...

RELEVANCY SCORE 45.2

This is a new trojan I have encountered and I have found some information to deal with it but they're not working. Eight minutes into the Spy Sweeper scan the virus pops up and I'm a little stumped on how to get rid of it. So if someone can help me that would be great. The attachment is the report I got from dds.scr. I also do not have my Windows install disc and boot CD. I have the product key but not the CD.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 15:18:16.01 on Wed 10/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1391.765 [GMT -5:00]


============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMSer...

A:Trojan Virus: trojan-backdoor-prodav

Hi,

Please do the following


Please download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and put it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Hello everyone, I have been having a lot of problems with download.trojan and backdoor.trojan. I did all of the necessary scans that were in the steps. The scans said everything was removed, but I still have an [email protected] connection and my browser still gives me partypoker and prescription pill popups. Here is my HijackThis! logfile. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 8:35:58 PM, on 1/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\SoftPerfect Personal Firewall\fw.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\D-Link\AIRPLUS.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\N...

A:Download.Trojan Backdoor.Trojan problem

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download and install Ewido Security Suite
When installing, under "Additional Options", uncheck - Install background guard

Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.


* * * * * * DISABLING SERVICES * * * * * * * * * * * * * * * * *


Click Start -> Run - type SERVICES.MSC & then click on the OK button
Locate the service - Distributed Link Tracking Client Protocol Helper
Double-click on it to open the Properties dialog.
- Stop the service by using the Stop button.
- Change the Startup type to Disabled & then click on the OK button
Then sta...


Logfile of HijackThis v1.99.1
Scan saved at 11:18:56 p.m., on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\windows\ZaZ.exe
C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Webroot\Spy Sweeper\...

A:Trojan Horse: Trojan-backdoor-adagoe

Welcome to Bleeping Computer Daniela Morato

Please Note: If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Please download ATF Cleaner by Atribune:
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under 'Main' choose: 'Select All'.
Click the 'Empty Selected' button.
If you're using Mozilla Firefox, or Opera browser.
Click the 'Firefox'/'Opera' tab at the top.
Place a check in 'Select All'.
Press 'Empty Selected'.
NOTE: If you would like to keep your saved passwords, click No at the prompt.
Click Exit on the Main menu to close the program when you've finished.
=====================================
Go to Control Panel>Folder Options>View tab, and enable 'Show hidden files and Folders', now press Apply>OK.
=====================================
Please download/install AVG Anti-Spyware 7.5.
Please follow these instructions carefully.
Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then...


Hello,

I recently received a message from AVG that my computer was infected with the trojan backdoor Generic3. I think that my wife accidentally downloaded it when downloading a game on the internet. I just spent $300 getting my computer totally fixed last month due to all kinds of issues it was having so I am trying to be very cautious on the internet. I thought my wife was too, but I guess not.

AVG did not seem to be able to remove (Heal) this or even move this to quarantine. I searched this site for help and found a forum that discusses what might help. Because of this I downloaded gmer and ran the scan under the rootkit tab. I am not sure how to post what it told me (I am not very computer savvy). I did state that some of these files have been manipulated and some are in red type. I guess that I am stuck at this point. How can I get this off my computer?? If anyone could help me out I would greatly appreciate it.
-Thanks
Matt

A:I Think I Have A Trojan Virus(trojan Backdoor Generic3)

I just wanted to add the details of what AVG states: C:\WINDOWS\SYSTEM32\yvbb01.dll and the virus is Trojan Horse Backdoor.Generic3.CEQ
-Matt


My advanced system protector pops up with a host file change, if I select don't allow my computer shuts down. Can't uninstall gotomypc, printer keeps uninstalling. Thanks

Sorry, forgot to hit upload for last post

Merged topics then posts. ~ OB

A:trojan.generic.001 + trojan.backdoor variants

Hello amberbox81,

Welcome to Bleeping Computer. My name is mas_pogi and I will be helping you with your Malware problem.

It's been awhile, do you still need help? Please reply as soon as you can so that I could analyze your log.

Best regards,
mas_pogi


Malwarebytes' Anti-Malware 1.34
Database version: 1876
Windows 5.1.2600 Service Pack 2

3/20/2009 4:06:56 PM
mbam-log-2009-03-20 (16-06-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119370
Time elapsed: 21 minute(s), 29 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\WINDOWS\services.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LO...

A:Trojan.Agent,Trojan.NtRootkit.Agent,Backdoor.IRCBot,Trojan.FakeAlert.H

I have posted at Geekstogo to help you already.
Please do not post at multiple forums for help.


Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ...

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.


Every few minutes I get a message from Norton Auto Block telling me a threat has been detected and blocked. It is always one of the viruses listed in the topic title. I have a Toshiba Satellite Laptop operating Windows Vista 32 bit with Service Pack 2. I use Norton 360, and also have NPE. I followed all of your steps in preparing my system for removal. However, I was unable to run Gmer.exe all the way through completion. It would start and then freeze and close before it completed the scan. It even did this from safe mode. Since having these viruses detected, I have also experienced problems with my computer freezing up and the open windows not responding. My mouse will move but will not interact with any icons, nor will task manager open from Cntrl+Alt+Del leaving me with the only option of a hard restart. Sometimes when it comes back it is fine, sometimes the problem occurs again within a few minutes.

Below is the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jenny at 0:01:54 on 2012-07-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1895 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\...

A:Trojan.Gen, Trojan.Gen.2, Trojan.zeroaccess.b, Backdoor.Trojan

Hello JenPoohBear and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, pl...


Hi there,
I keep receiving notifications from Norton saying it has blocked the Trojan.Zeroaccess.B., Trojan.Gen.2., and Trojan.backdoor. Can I remove the threat from my computer?
DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Zubair at 13:57:05 on 2012-07-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1538 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program F...

A:Trojan.Zeroaccess.B. and Trojan.Gen.2. and Trojan.backdoor

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...


Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...


I get the error msg. Trojan Detected BackDoor-AWQ.b (Trojan) every time I boot up my pc. Went to McAfee website for virus removal, and paid 3 different times for removal. It's still there. Can anyone give me some advice on how I can get rid of it?

DDS (Ver_09-02-01.01) - NTFSx86
Run by JAMES MOON at 6:30:15.70 on Sun 02/08/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1375 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bi...

A:Trojan Detected BackDoor-AWQ.b (Trojan)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


Ignore this post. I have reposted it at http://www.bleepingcomputer.com/forums/t/257932/backdoortrojan-trojanhorse/ so I could post the HiJack This logs. Sorry, I chose the wrong forum initially.

A:Backdoor.Trojan & Trojan.Horse

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Good luck with your log.


Hi I was infected with the above Trojans which resulted in a flashing yellow triangle and lots of popups about malware infection and security downloads. I have followed your steps re downloading Ad-Aware and Spybot and I also downloaded AVG free which has managed to vault a number of Zlob files. I have Norton 360 as my main security. After running the Ad-Aware and Spybot, the flashing triangle and pop ups appeared to have stopped. I have made a Hijackthis Log and am posting it here ... can you tell me if I need to do anything further?

Thanks
Mez

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:42, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symant...

A:Backdoor Trojan/zlob Trojan

Hello mezxx,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys ...


This post is a request for help to identify what Trojan has infected my laptop, and what to do to remove and prevent reinfection. Logs attached include Symantec Antivirus Risk History, Malware Bytes logs, HiJack This log and DDS log. I tried to run RootRepel, but it keeps crashing. I have attached the crash log. My ISP has contacted me twice to let me know that people are complaining that I am spamming them from my IP. Recently, I believe I got a trojan using someone else's wireless network on my work laptop when I was remote from my home because I got the Total Security 2009 icon placed on my desktop, but I ran Malwarebytes and thought that was it. However, my ISP complained again.

Here are my details:
Operating System: Windows XP Professional 2002 SP3
Antivirus: Symantec Antivirus version 10.1.6.6000, Scan Engine 91.2.0.30, Virus Definition File - 9/14/2009 rev.3
Anti-Malware: Malwarebytes 1.41 Date: 9/15/2009, Database version 2804, Fingerprints loaded: 132635

Issue #1: Symantec Antivirus for the last 2 days has repeatedly found two items: Backdoor.Trojan and Trojan.Horse.

Here is the Symantec Risk History log for the past 2 days:
Risk | Filename | Risk Type | Original Location
Backdoor.Trojan | Unavailable | File | Unavailable
Trojan Horse | ~TM7A.tmp | File | C:\Documents and Settings\xtr683.TEXAS\Local Settings\temp\
Backdoor.Trojan | sasu.exe | File | C:\WINNT\system32\
Backdoor.Trojan | laquan.exe | File | ...

A:Backdoor.Trojan & Trojan.Horse

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *E...

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please
