
Solved: Multiple virus damage (Trojan.fakeavalert, Trojan.Peacomm.D, Trojan.Perfcoo)

Q: Solved: Multiple virus damage (Trojan.fakeavalert, Trojan.Peacomm.D, Trojan.Perfcoo)

My PC is infected by the following viruses:
1) Trojan.Fakeavalert
2) Trojan.Peacomm.D
3) Trojan.Perfcoo
4) Trojan.Pandex
5) Downloader
6) Dialer Trojan
7) Trojan Horse

Please let me know the steps for removal of these threats.
I am attaching a logfile from HijackThis for your reference.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:32:41, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\printer.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\varma\Desktop\HiJackThis_v2.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_061230.dll start
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Print Screen Deluxe.lnk = C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe
O4 - Startup: system.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE5F6B3D-36C9-42AA-860D-59F5594F8FF5}: NameServer = 192.168.0.110
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Indexing Helps (Indexingbox) - Unknown owner - C:\WINDOWS\system\svchest.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5511 bytes


A: Solved: Multiple virus damage (Trojan.fakeavalert, Trojan.Peacomm.D, Trojan.Perfcoo)

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...


Various pop-up windows launch, at times overwhelming computer, forcing manual shut-down
DDS (Ver_09-07-30.01) - FAT32x86
Run by David cole at 13:04:41.81 on Thu 08/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.523 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\...

A:Infected with VirtuMonde (Trojan.Vundo) and FakeAVAlert (Trojan.FakeAVAlert)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I am running Windows XP. Norton says it detects Trojan.Peacomm:
Virus Found!
Virus name: Trojan.Peacomm!zip in File: hotfix-98056.zip by: Manual scan. Action: Clean failed : Leave Alone succeeded :

I have run a manual Norton scan, AdAware, Spybot, and HouseCall, as well as AVG. All find nothing, but I am still seeing it detected in virus history and activity viewer. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:26 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\us...

A:Solved: Need Help with Trojan.Peacomm virus please

Deleted infected files out of quarantine in Safe mode and the logs look ok.
 


I am running a Windows XP system. Norton says it blocked Trojan.Perfcoo and Trojan.KillAV, but I do not think it removed them. Please help me.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:05 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Fil...

A:Infected with Trojan.Perfcoo and Trojan.KillAV

I downloaded Super antispyware and ran two scans. These are the logs. I also ran HJT again. That log is below SAS logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/18/2007 at 00:04 AM

Application Version : 3.9.1008

Core Rules Database Version : 3346
Trace Rules Database Version: 1347

Scan type : Complete Scan
Total Scan Time : 00:57:59

Memory items scanned : 594
Memory threats detected : 0
Registry items scanned : 7599
Registry threats detected : 0
File items scanned : 58054
File threats detected : 12

Adware.Tracking Cookie
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt

Trojan.Net-MSV/VPS-H
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP315\A0033793.DLL

Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP355\A0039357.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP382\A0043823.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP382\A0043835.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP382\A0043837.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP382\A0043839.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP382\A0043840.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP382\A0043841.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-9...

I have gotten (according to Norton) the trojan perfcoo virus. Norton said it removed it but it did not. Getting window security alert popups saying "This computer is infected" and wants to send me to a web site and just keeps opening browser pages and a triangle alert in the task bar by the time. I also can not get into "set program access"; it gives me a window that says "This operation has been cancelled contact the system admin."
Here is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:8, on 2007-08-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpd...

A:Infected with trojan perfcoo virus Help Please


I have scanned my laptop with Norton antivirus and it has shown me that I have these problems: Adware.180 Search, Trojans. Dropper, and Fakeavalert. It says these problems have been removed but my problems are still present. I cannot change my background desktop; my current background is blue and has yellow letters saying that my computer has several fatal errors due to spyware activity, and it gives me a link to click on. That's one problem. I also get pop ups referring to antispyware programs. My laptop runs slow and my browser runs slow also.
Logs are available upon request from you guys.
Thank you!

A:[SOLVED] Adware/Spyware - 180 Search, Virus/Trojan - Dropper, Fakeavalert

Welcome to TSF.

Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebyt...are_d5756.html
Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to http://www.bleepingcomputer.com/comb...o-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

Download HijackThis at http://www.greyknight17....

I'm looking for help on my XP home edition. I have Symantec AntiVirus telling me I have Trojan.Fakeavalert. I have Window Defender telling me I have Win32/Renos and Win32/Fakeinit.

My desktop background has a large black and red message stating "YOUR SYSTEM IS INFECTED! ............. " Internet explorer is blocked on the machine. And I get many popups for fake virus removal.

What is the best course of action? I have many different solutions on the web but not sure which to go with.

A:Infected with Trojan.Fakeavalert, Trojan:Win32/Fakeinit and Renos

Moving to Am I Infected forum.


Hi,

My computer has been infected with Trojan.Malscript!html and Trojan.Fakeavalert according to Symantec AV. It has become very slow, I keep getting pop ups saying that my computer has been infected and I need to download some software to get it cleaned. I am unable to update windows defender or run windows defender. As per instructions I have run dds.scr and am pasting and attaching the log. All help would be appreciated.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Amit at 19:23:02.95 on 22/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} -...

A:Infected with Trojan.Malscript!html and Trojan.Fakeavalert

I have tried the following, but the computer is still infected-

1) Installed Avast and ran it in boot mode; it found a bunch of files, which I deleted
2) Ran Norton a few times; it does not find anything

The virus does not let me update windows, keeps stopping windows update in the services. Please help me get rid of this virus...

Thanks...


My computer has been running slow with occasional pop ups, my desktop background changed, and my task manager disabled. I ran my Symantec Antivirus which detected the following risks and are now All Quarantined.
Trojan.Fakeavalert
Trackware.7FaSStSearch
Adware.Mirar
Adware.ISMonitor
Adware.Savenow

Below please find my Activescan report, deckard's system scanner and the extra.txt (it would not let me attach it for some reason so i copy and pasted.) Thank you in advance for your help.

Activescan report:

Incident Status Location

Adware:Adware/SpyAway Not disinfected C:\WINDOWS\system32\mgmrwmrv.exe
Adware:adware/eshopper Not disinfected c:\windows\system32\ESHOPEE.exe ...

A:Adware, Trojan Fakeavalert, Spyware & possible Virus

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.

Before we go any further, please make sure HijackThis is run from its own folder. This ensures back ups are made and kept securely. Backups allow the restoring of fixed entries when necessary.

On the Desktop, right click an empty area, select New > Folder, and name the folder HijackThis.
Place the HijackThis.exe file in it, and then run the program from its own folder from now on...

~~~~
Please download ComboFix
Save to the Desktop <<< Important!!

Close or disable all AntiVirus and AntiMalware programs so that they do not interfere with the running of ComboFix. In your case this will include:
Symantec AntiVirus
SpywareStop
Spybot Search and Destroy TeaTimer

To disable the Spybot Search and Destroy TeaTimer:
Open Spybot Search & Destroy
In the Mode menu click Advanced Mode, if not already selected.
Select: Yes at the Warning prompt.
Expand the Tools menu.
Click: Resident
Uncheck the Resident TeaTimer (Protection of overall system settings) active.
In the File menu click Exit

Restart the computer!!

~~~~
Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~...

My sister (in Texas) has XP and Norton 2006; she installed the live updates on the 14th and on the 22nd this virus got on her PC. What can be done to remove it? Thanks much!!!
 

A:Solved: URGENT! Trojan Peacomm


So it seems that I've been simultaneously infected with both the Downloader.MisleadApp and Trojan.Perfcoo trojans. I've run Ad-Aware and I've tried using Norton 3 times (normally, in safe mode, and with system restore disabled) going by symantec's directions, and that has not helped. I've also searched through forums to try using any information from anyone else with similar problems, but that has not helped either. I downloaded HijackThis, and though it downloaded and installed on my computer, it won't open--even in safe mode. Anyway, any assistance in removing these trojans would be very helpful. Thank you.

A:Downloader.MisleadApp & Trojan.Perfcoo

I also can't get ComboFix to work either. Any help would be sweet...


Hello,

Thank you very much for your assistance. I have a Dell D430 laptop running Windows XP Professional. My computer is infected by Hacktool Rootkit and Trojan Perfcoo - Symantec detects them but is unable to clean them permanently. The symptom is a white X, red background icon in the taskbar that states 'Your computer is infected'. Here is the HJT log.

Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:04, on 10/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\...

Hello all,

I have noticed my computer freezing and going to sites (www.abigaildiets.com) so fat loss site I didn't click, so I installed AVG 8.5 and PC-Tool Spyware Doctor. They pick up most of the viruses but there were 3 viruses that just won't go away; it detects it, but every time I start up it picks it up again, as if it was never deleted.

The 3 infections are (as detected by AVG Anti-Virus every time I start up):
Virus Identified Packed.Noper
Trojan horse Generic14.ZYF
Trojan horse SpamBot.w

My HJT is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:31 AM, on 8/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d .exe
C:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d.exe
C:\WINDOWS\msd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Pr...

A:Multiple Trojans and Virus that just Won't go Away(Virus Identified Packed.Noper--Trojan horse Generic14.ZYF--Trojan horse...

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report
Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the sc...

Read other 1 answers
RELEVANCY SCORE 94.4

Hey, this is my first post and I need help please. I clicked on a link the other day that loaded Trojan.Perfcoo and Packed.Generic.182 onto my computer according to another scan I ran. My main problem is that when I open Microsoft Outlook 2000, it says it receives my e-mails, then when it is complete, my program stops responding and closes. Any help would be greatly appreciated! Thanks in advance!
HiJackThis log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:32 PM, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Progr... Read more

Read other answers
RELEVANCY SCORE 93.6

I'm having trouble with my computer and I was hoping someone a little more computer-literate would be able to help me. I'm getting pop-ups on my computer saying I have to "download this" to get rid of the trojan that's on my computer. I've run my Norton Anti-Virus scan several times and it doesn't come up with anything, but I keep getting these pop-ups. Norton says my computer is protected against trojan.peacomm, but I'm afraid there's something on my computer that Norton's not detecting. If there's anyone who can help me make these pop-ups go away, I'd appreciate it!

A:Trojan.peacomm

Hello amansoma and welcome to BC.

Please Click on HERE to download a self extractable version of hijackthis. Double click on hijackthis.exe to extract hijackthis to folder c:\hijackthis. It will extract it to that folder and open the folder for you. It will also create a shortcut on your desktop to hijackthis. Scan with HijackThis. Save the log and post it here in your reply in this thread.

Read other 2 answers
RELEVANCY SCORE 93.6

Got infected by this trojan the other day. Not sure if my antivirus caught it or not because a pop-up still comes up every once in a while from my antivirus that mentions it.

Please help. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:24:48 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\i... Read more

A:Trojan.Peacomm.B

Before any work can be done on this machine, there is something that requires your immediate intervention.

This machine is messed up pretty badly because you have several anti-virus programs (McAfee & Symantec) on your machine. That's not a good idea!!

Like firewalls, anti-virus programs have conflicts co-existing with each other & produce undesirable results. Please uninstall ALL leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall

Post a fresh HJT log when you have completed the above task.

Read other 11 answers
RELEVANCY SCORE 93.6

My computer says I have a Trojan.Peacomm. How can I get rid of it?
 

A:I have Trojan.Peacomm

Read other 7 answers
RELEVANCY SCORE 93.6

My daughter let her anti-virus run out and didn't tell me until it wouldn't connect to the internet. You gotta love teenagers. I managed to get it where it would connect, put Norton anti-virus on it, when it did get connected Norton would constantly pop up and scanning outgoing email, there were about 12 windows popped up scanning outgoing email before I got it unplugged from the internet. It was sending out spam. I did a full scan offline, Norton found 8 viruses and fixed 1, quarantined the other 7. I ran adaware removed all it found, rebooted and scanned again, while scanning Norton kept popping up saying it had blocked an inbound worm attempt, but I was offline so I know it was internal. When I clicked on more info, it said it was the BD Peacomm Trojan. I did another scan in safe mode, and it didn't find anything. I installed zone alarm and blocked everything going out, went to the Kasperbyscan site and did a scan. I have turned off system restore to remove all restore points, unhidden all files, including system files, deleted all temporary files, deleted the temp files Kasperbyscan found, ran adaware again. I am still getting the message from Norton about the Peacomm trojan. I will post my Hijack this log, if needed I also have the results from the Kasperbyscan. Thanks in advance for all the help.

Logfile of HijackThis v1.99.1
Scan saved at 5:29:46 AM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:... Read more

A:Bd Peacomm Trojan

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Fujimo24

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

*****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Note: It is important that it is saved directly to your des... Read more

Read other 10 answers
RELEVANCY SCORE 93.6

Norton says that I am unprotected against a rapidly spreading threat. But when I do a virus scan on both AVG and Norton I find nothing. Does this mean that I have the virus or is it saying that I just need to update (My subscription is expired).
 

A:Peacomm.trojan

Hi and welcome

It appears to be a Norton sales ploy and it is going wrong.
It seems the update servers are somewhat overloaded so error messages are coming out.
It's just warning you that you need to update Norton NOT that you have the virus.
 

Read other 1 answers
RELEVANCY SCORE 93.6

Hey guys. Is there any other methods or programs used to remove the trojan peacomm which was identified by norton, other than Norton itself?

A:Trojan.peacomm

You can read about it here:
http://www.bleepingcomputer.com/forums/top...tml#entry436699

If you are infected you can give the Bit Defender online scan a try.
http://www.bitdefender.com/scan8/ie.html

You can also post a Hijack This log by following the instructions below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Read other 2 answers
RELEVANCY SCORE 93.6

Hi,

My latest windows update won't seem to update properly - it starts then stops and comes up with the following message

Updates were unable to be successfully installed

The following updates were not installed

Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB886903)

ALSO

My Norton Antivirus is popping up saying I'm not protected against the latest threat which is "Trojan Peacomm". When I click protect me now it starts the process but says the Outbreak Alert cannot protect me from this rapidly spreading threat and tells me to run liveupdate. I tried running the liveupdate separately which was successful so it said. But I'm still not protected against this Trojan after rebooting. Is flashing up as Urgent Attention too.
 

A:Trojan Peacomm

The first problem I would create a new thread for in our Windows XP section.

As for the Norton alert, it appears to be a Norton sales ploy and it is going wrong.
It seems the update servers are somewhat overloaded so error messages are coming out.
It's just warning you that you need to update norton NOT that you have the virus.
 

Read other 1 answers
RELEVANCY SCORE 93.6

Hey everybody

My Norton virus software alerted me that I'm not protected against a rapidly spreading threat. Trojan.peacomm was the threat listed.

Could you please tell me how I could get rid of this problem as my software is telling me to renew my subscription. The only problem is I can't renew my subscription because it's too expensive and I can't afford it.

What could I do instead to get rid of the threat.

Please help me as soon as you can.

Thanks
GCMM

A:Trojan.peacomm

Are you actually infected or is Norton just trying to scare you into purchasing their products? Since you are not planning to activate Norton's antivirus or whatever else you had from Norton, I would suggest you review the free programs listed in the link below.
http://www.bleepingcomputer.com/forums/topic3616.html

You should have only one antivirus and one firewall active on your computer at one time. Suggest you completely uninstall Norton. You should also run the online scanner in the link below.
http://www.bitdefender.com/scan8/ie.html

Here is a link to a free antispyware that you should also install and run in safe mode.
http://free.grisoft.com/doc/20/lng/us/tpl/v5

The info below is from Symantec:

The first signs of Trojan.Peacomm were seen in-the-wild on January 17, 2007. The trojan horse arrives as an attachment to an email purporting to contain a video of one of several different recent news stories. The email itself will have no message body, but will have one of the following subject lines:
* "A killer at 11, he's free at 21 and kill again!"
* "U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel"
* "British Muslims Genocide"
* "Naked teens attack home director."
* "230 dead as storm batters Europe."
* "Re: Your text"

The file attachment will be one of the following:
* FullVideo.exe
* Full Story.exe
* Video.exe
* Read More.exe
* FullClip.exe

Read other 2 answers
RELEVANCY SCORE 93.6

Logfile of HijackThis v1.99.1
Scan saved at 9:32:31 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\Sy... Read more

A:Trojan.peacomm

Logfile of HijackThis v1.99.1
Scan saved at 10:43:29 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Expl... Read more

Read other 2 answers
RELEVANCY SCORE 93.2

A couple of days ago I got a trojan virus on my computer and I have no idea how to remove it. I use avast!antivirus and got the software needed - I think - such as CWShredder, Hijack This v. 1.97.0007 and XoftSpy v. 1,0,0,1. But I don't know how 2 use them! Please give me any advice! THX!
This is my log file if needed.

Logfile of HijackThis v1.97.7
Scan saved at 13:46:45, on 04-04-28
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\MXX.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\COREL\GRAPHICS9\REGISTER\REMIND32.EXE
C:\WINDOWS\TWAIN_32\S6U12BX\WATCH.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/po... Read more

A:Solved: How Do I Remove A Trojan Virus Named Win32 Trojan-gen Off My Computer!!!

Hi Darekk1982

Welcome to TSG!

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL

O4 - HKLM\..\Run: [Konfigurator] C:\WINDOWS\mxx.exe --start

O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

Now find and delete:

The C:\PROGRAM FILES\COMMON FILES\CMEII folder
The C:\Program Files\PrecisionTime folder
The C:\WINDOWS\mxx.exe file
Go here and download Adaware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

Make sure the following settings are made and on -------ON=GREEN

From main window :Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these op... Read more

Read other 2 answers
RELEVANCY SCORE 92.8

Hi,

I believe I have WinAntiVirus invading my system, along with multiple other problems. This is an old system that my kids (including hubby - biggest kid of all!) have been using, that I have not kept up with, so I'm sure there is a lot wrong, and honestly don't know what has been downloaded on here at this point! Any help appreciated!

Current most annoying issue - status bar, yellow triangle with excl. point that causes a "windows error" about removing spyware every 5 minutes. Has locked out task manager, desktop properties, etc.

I ran Housecall from TrendMicro and cleaned whatever it found. I tried running Kaspersky, but at some point it restarted my computer. (Not sure at what point, as I walked away).

Below is a HJT log as well as a F-Secure log.

Thanks in advance for any help!!

______________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:12 AM, on 8/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\... Read more

A:Solved: Multiple Virus / Trojan / etc -- Help!

Read other 16 answers
RELEVANCY SCORE 92.8

Hi BC staff

I think I have a problem with my computer. When I turn on my laptop, the Norton Internet Security shows me in the Outbreak Alert tab that I got an infection. It said "your computer is not protected against these rapidly spreading threats." and the threat name is "Trojan.Peacomm"

So, I went through all steps as posted on the web and did HijackThis. I have no idea how I got it and I do not know what "Trojan.Peacomm" does. Besides the alert message from Norton, nothing has really happened to my computer yet, but please help me before it gets worse. Thank you and here is my logfile.

Logfile of HijackThis v1.99.1
Scan saved at 9:36:50 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\... Read more

A:Infected By Trojan.peacomm

Has your Norton Licence expired?

Read other 10 answers
RELEVANCY SCORE 92.8

Norton Antivirus alerted me a couple hours ago that i was unprotected against a Trojan: Peacomm. Thing is, I've restarted my computer about 3 times, with the internet not connected and it still tells me the trojan is spreading. Do I really have this? if so, what can i do to get rid of it? any free removal software out there? pleez and thanx.

I also remember checking my student email account through Microsoft Outlook, on which 1 spam email was there. As far as i know, i get spam on my student account all the time and nothing bad has ever happened until now. I never open it either.



Logfile of HijackThis v1.99.1
Scan saved at 10:28:53 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoo... Read more

Read other answers
RELEVANCY SCORE 92.8

Got infected by this the other day. I can't tell if my virus protection stopped it or not because a dialog box about it keeps appearing each time I start my computer.

Please help. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:24:48 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.e... Read more

Read other answers
RELEVANCY SCORE 92.8

Got a pop up from Norton telling me I was not protected against the latest virus..trojan.peacomm. Had the option..protect me now...so I tried it. Said it couldn't do it and I should go to Live update to do it. So that's what I did. Live update ran and said all updates are current! Well I keep getting the warning and the icon on the tray keeps flashing red. If I go into Norton it says I am not protected against this trojan. Any ideas???
 

A:Symantec and Trojan. Peacomm

It appears to be a Norton sales ploy and it is going wrong

it seems the update servers are somewhat overloaded so error messages are coming out

It is just warning you that you need to update norton NOT that you have the virus
 

Read other 1 answers
RELEVANCY SCORE 92.8

has virus on computer. i have norton 2006. ran live update on jan 14, 2006. can't run live update. help! how to fix?
 

A:urgent, trojan peacomm

It appears to be a Norton sales ploy and it is going wrong.
It seems the update servers are somewhat overloaded so error messages are coming out.
It's just warning you that you need to update Norton NOT that you have the virus.
If LiveUpdate keeps failing, you may need to reinstall Norton.
 

Read other 1 answers
RELEVANCY SCORE 92.8

picked up these bad boys when i was stupid and launched an .exe that i wasn't too sure of in the first place. anyway, nothing i have is getting rid of them. the following is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:19 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windo... Read more

A:Solved: trojan.vundo/trojan horse/downloader virus help.

Read other 14 answers
RELEVANCY SCORE 92

I seem to have contracted a lot three trojans and possibly more. I used spy sweeper to detect it but it won't get rid of it unless I subscribe. It seems that my antivirus mcafee is not detecting anything. And spybot can't do anything but delete a.bat every time my computer starts. I ran hijack this and this is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 8:58:19 AM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX... Read more

A:Solved: Windows xp with mybot trojan, a.bat zapchast trojan, and autospy trojan

Read other 16 answers
RELEVANCY SCORE 92

I, perhaps mistakenly, searched the internet for help w/ my Trojan.Fakeavalert and found this forum. I then proceeded to follow the instructions given to another user by one of your administrators per http://www.bleepingcomputer.com/forums/t/165275/infected-with-trojanfakeavalert/ Below are both my logs. If someone could please analyze them accordingly, I would greatly appreciate it.

ComboFix 09-01-08.01 - Jeff 2009-01-08 17:04:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.96 [GMT -5:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jeff\Local Settings\Temporary Internet Files\QcBarK_Tmp.txt
c:\documents and settings\Jeff\Local Settings\Temporary Internet Files\QcBarL_Tmp.txt
c:\documents and settings\Jeff\Local Settings\Temporary Internet Files\QcBarT_Tmp.txt
c:\windows\system32\config.dat
c:\windows\system32\randomiser.exe
.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-08 16:16 . 2009-01-08 16:16 d-------- c:\documents and settings\Jeff\Application Data\Malwarebytes
2009-01-08 16:16 . 2009-01-04 18:41 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-08 16:16 . 2009-01-04 18:41 15,504 --a------ c:... Read more

A:Trojan.Fakeavalert HELP!

First please don't use scanners like combofix without direction, you can irreparably harm your system.

Howdy, my name is Hoov, and I will be helping you with your dilemma. I apologize for the delay in getting you help.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer
* Tell me everything that you have done, if anything, to try and fix this problem.
* Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.
* Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.
* Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.
* Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to ... Read more

Read other 3 answers
RELEVANCY SCORE 92

Hi-
I don't won't to hijack this thread, but I have been infected by Trojan.Fakeavalert which G-Stress has also seemed to be infected by (or at least something similar). I've spent hours searching for a fix and stumbled upon this thread/forum, which has been a great help so far. I'm just hoping for a little help myself, but I am new to this. With the permission of the forum members I was hoping for a little help also.

I first found the file, located in C:\resycled\boot.com (which led me to this thread) and deleted the thread according to Cookiegal's instructions, along with searching for Pornovid in my registry (2 of which were found) and deleted. I also searched for kdtcc.exe, of which nothing was found. I installed malwarebytes and scanned, but it did not find anything. That's all I've done so far. My problem now is that when I try to "open" my C: drive it tells me that it cannot find C:\resycled\boot.com. It will let me "explore" my drive, but not "open" it.

Again if it is okay with the forum users, specifically G-Stress and Cookiegal, I would love some assistance to ensure that I remove this trojan. Your help is greatly appreciated.

Edit: I should also mention that my Symantec AntiVirus realtime protection keeps catching temporary files (.tmp) being produced in my Local Setting\Temp folder. I delete them, but soon a different one will reappear.
 

A:Trojan.Fakeavalert

Whoops...apparently my thread has been moved. I originally posted in this thread:
http://forums.techguy.org/networking/751516-solved-dns-server-issue-2.html

I apologize for posting in the same thread. I figured the problems were similar enough. But if anyone can help I would greatly appreciate it!

Edit:
And I believe this is what everyone requires...my hijackthis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:51 PM, on 9/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\P... Read more

Read other 2 answers

ok performing my norton system scan it came up with three hits.:
Trojan.Fakeavalert
Trojan.Fakeavalert
Trojan.Fakeavalert
the system scan said it could not fix the problem and to click "this" to see risk details. this is what came up.:
File:
C:\Users\PAUL\AppData\Local\Temp\BITFCBE.tmp
pls help i have no idea what to do next. i gave all the info i knew. if you need anything else pls let me know thanks.

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Norton Security Scan\Nss.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Norton Security Scan\Nss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software... Read more

Read other answers

I was on Facebook on my WinXP Home Edition and was very stupid and ran a program I thought to be Flash Player but turned out to be something more malicious. Sadly, I didn't take down the info of the program I ran.

Anyway, my Facebook got hacked and then all of a sudden I started getting tons of "Auto-Protect Results" about "Trojan.Fakeavalert". I use Symantec AntiVirus. I'm getting these "Trojan.Fakeavalert"s in counts of 1, 2, 8, 9 and anywhere in between 25-32. Some of the actions that are coming up are "Reboot Required - Cleaned" but most say "Reboot Required - Partial". When I close the "Auto-Protect Results" pop-up, it tells me to reboot. I've rebooted quite a few times now.

More and more of these "Auto-Protect Results" pop-ups with "Trojan.Fakeavalert"s are appearing. Also, blank windows and video chat windows are popping up without warning.

I came upon this Symantec page: http://securityresponse.symantec.com/secur...-99&tabid=3

I followed the instructions. I disabled System Restore, updated virus definitions, ran UnHookExec.inf, and set my computer in Safe mode. But when I ran a full system scan, nothing came up. I returned to Normal mode and looked through the registry but couldn't find registry entries I was supposed to delete. Of course, I'm not very good with computers, so I might have missed the registry entries. I then followed the instructions to the Notep... Read more

A:Trojan.Fakeavalert

Actually, I'm not sure if the program from Facebook ran. I clicked on a link to a video and a little message on the video said that I should update my Flash Player. I clicked it, and a program popped up. I clicked "Run" and then everything froze. Then I used Windows Task Manager to close down the Facebook window. Please help me!

Read other 7 answers

Have cleaned registry and host files - please advise if I've missed anything; thanks in advance...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:32 AM, on 7/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\... Read more

A:Trojan.fakeavalert

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more

Read other 2 answers

Hello,

My Norton 360 security program has detected "Fakeavalert", a virus, on my computer and it can't seem to kill it. However, the computer is running okay.

The computer is an HP Media Center pc and runs on Windows XP. Can someone expert help a real beginner knock out this virus. (I notice one other virus, the "Trojan.Virantix" showed up in a Norton 360 scan about a month ago. I assume that one was knocked out, but maybe we should check for that one, too.)

If you can help, I'll need beginner level instructions.

Thanks,
Dogdog
 

Read other answers

On Sunday (12-7-08) I started to get this fake windows security alert saying that I was infected with Trojan.Zlob (can't remember which variation, but it might have been G). Norton Internet Security and Spybot failed to recognize this after full system scans in safe mode and with windows recovery disabled. The next day, the fake security alerts stopped, and Norton blocked a random attack from Bloodhound.PDF.2 while I was researching Trojan.Zlob on the symantec website (using Opera). A few minutes later, Norton alerts me that my computer has been infected and needs to reboot in order to fully remove the threat. I comply and after I reboot, I get a warning from spybot that there is an attempt to change the registry to disable the task manager. I do not allow the change because I don't think that Norton would need to do that to remove the previous threat. I check the Norton logs to see that I was attacked by Trojan.Fakeavalert and it was fully removed. About an hour later Trojan.Fakeavalert attacks again and the process repeats including the attempt to disable the task manager. Every time I ran a full system scan with Norton or spybot, they would never find anything. Only as the attacks were being executed was I warned about either. As of yesterday (12-11-08) it seems all of the problems are completely gone (***?). No fake security alerts and no attacks from the viruses. I made the mistake of selecting the checkbox "Don't Ask Me Again" after spybot was blockin... Read more

A:Trojan.Fakeavalert help

Sorry for the delay but we're a bit short handed at the moment. It's been some time since the last log was posted. If you still require assistance, please post fresh logs.

I'm subscribed to this thread & would be notified of your reply.

Read other 5 answers

I have a couple of Trojans on my machine. Just got them in the last day or so from a downloaded game my son tried.
One listed as the trojan.fakeavalert, another was trojan.win32.patched.ax(v) and trojan.win32.tdss.w


My virus program Vipre has found them and a few cookies etc., and supposedly quarantines them. They keep coming back.

I have followed the instructions posted and am at the point of downloading and using the GMER program. I have downloaded it, unzipped and tried to run it.
It does not open correctly. Either the scan button is over top the other items on the right side and does not work, or it is gone completely.
I have redownloaded it and unzipped again. Same deal.
What can I try to get that information done?

I'm posting and attaching what I was able to do on the first steps.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Pam at 10:24:40.61 on Sun 07/26/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.970 [GMT -7:00]

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *enabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Wind... Read more

A:Fakeavalert trojan

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

I need to see a gmer log in order to help you. Please run this special version of gmer.

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan..... Read more

Read other 18 answers

Hi,

I've been at this problem for some time and I've found no solution.

My Wireless Network Connection on my HP laptop is sending packets but is receiving few (right now the ratio is 290/8).

I have attempted to connect through Mozilla and IE. Each gives me the "server not found" or "IE cannot display the page." When I load IE and receive the cannot display the page message, I also receive the following message on a separate gray "Search Provider Default." "A program on your computer has corrupted your default search provider setting for IE." The message continues but that is the main message.

I am using the same wireless router to send this message that the HP is also connected to. Therefore, the router itself cannot be to blame.

Here is the ipconfig/all information:

Windows IP Configuration

Host Name . . . . . . . . . . . . : PC139818592325
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-13-02-9D-CE-BE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconf... Read more

A:Packets Being Sent, Not Received. Damage by trojan/virus possible culprit.

Also, the trojan/viruses I gave were quarantined and then deleted. Upon my last scan with Emisoft, they did not show again. However, this is the first time that the trojans did not resurface upon an additional scan.

I'm certainly no expert in this field, but my assumption has been that the culprit of my problem has to do with something related to the trojans.

Read other 11 answers

I am running Windows XP SP2. I had gotten a message from Norton antivirus that it had detected "Trojan.Peacomm.B!Inf", and that it had been successfully removed. It said a reboot was necessary to finish the removal. I rebooted, but when the system came back up, I had no network connectivity. When I ran the "Diagnose Connection Problems" from IE, it said "Windows has detected a problem with the Winsock provider catalog on this computer." I tried running the fix, but that did not resolve the issue.

I am accessing the internet from another computer via a wireless router, so I'm sure the actual cable connection is good.

From looking at other posts here, I ran:
netsh winsock reset catalog
netsh int ip reset reset.log

but am still getting the same problem.

The only other thing I saw that looked suspicious was in the Norton log file, where I saw a message from around the time this problem started occurring that said:
"Protecting your connection to a newly detected network on adapter "Intel PRO/100 VE
Network Connection - Packet Scheduler Miniport".

Any help you can provide would be greatly appreciated.

Thanks,
Dave
 

Read other answers

I am running Windows XP SP2. I had gotten a message from Norton antivirus that it had detected "Trojan.Peacomm.B!Inf", and that it had been successfully removed. It said a reboot was necessary to finish the removal. I rebooted, but when the system came back up, I had no network connectivity. When I ran the "Diagnose Connection Problems" from IE, it said "Windows has detected a problem with the Winsock provider catalog on this computer." I tried running the fix, but that did not resolve the issue.

I am accessing the internet from another computer via a wireless router, so I'm sure the actual cable connection is good.

From looking at other posts here, I ran:
netsh winsock reset catalog
netsh int ip reset reset.log

but am still getting the same problem. Any thoughts on if the Trojan would cause this type of problem?

Any help you can provide for resolving this would be greatly appreciated.

Thanks,
Dave
 

A:Trojan.Peacomm.B!Inf and Winsock Problem

Read other 16 answers

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.ex... Read more

A:trojan.peacomm, hijack this include

Read other 7 answers

Hello,

Norton 360 has identified at least 3 threats (multiple instances of each one). I am attaching a screen shot of some of the errors. They are: Trojan Peacomm, Trojan Pandex, and [email protected] symptom is... I get this message when I try to run Thunderbird email program but I cannot find Thunderbird running in task manager.

"Thunderbird is already running, but is not responding. To open a new window, you must first close the existing Thunderbird process, or restart your system."

Out of desperation my son ran Combofix before I read your instructions. I hope that didn't mess everything up even more.

The tech support at Norton was not able to fix it.

I ran several different removal tools to no avail including RootkitBuster_3.60.1016 and NPE (Norton Power Eraser).

This is my wife's computer and she doesn't know what she did. She was badly infected (she was running XP PRO) and so I bought her windows 7. I installed it on same hard drive without formatting and it worked fine for about a week and then she became re-infected.

The windows.old directory was created when I installed Windows 7. (It is her old XP PRO that was also infected)

When the infection hit it closed down her Thunderbird again. Any help would be gladly appreciated.

thanks
Richard

DDS.TXT

DDS (Ver_10-12-12.02) - NTFSx86
Run by PW at 22:40:46.11 on Mon 01/10/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2296 [GMT -5:00]
AV: Norton 360 *Enabled/U... Read more

A:Trojan Peacomm, Pandex and [email protected]

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting... Read more

Read other 13 answers