
Infected with win32/Zperm

Q: Infected with win32/Zperm

Hi,
I've been wrestling with the removal of the win32/Zperm virus and came across the posting from Gabrielrock, Nov 12 2013, that seems to be a similar problem to mine. See http://www.bleepingcomputer.com/forum/t/513821/infected-with-win32/zperm
As with above, Ad-Aware detects the win32/Zperm virus and appears to deal with it, only for it to reinstate itself in a windows/temp/file. Please advise how I can get rid of it.
I am operating on Windows Vista and, being relatively PC naive, would appreciate guidance.
Many Thanks
 


A: Infected with win32/Zperm

Hello Daidaft

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc., unless advised by me.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive.
If you are using cracked or illegal software your thread will be closed.
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.
If you are unsure what your system bit type is, click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
Double-click the downloaded icon to run the tool.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


I have a pretty similar problem like another user, but decided to post here, because I am not sure if the same fix applies to me (his thread was: http://www.bleepingcomputer.com/forums/t/480470/avg-quarantined-win32zperm/)
 
My problem is same or similar. I have an AVG and ad-aware. Whenever I scan with AVG alone (even in safe mode), it doesn't  find anything, but whenever I scan with ad-aware, my AVG finds win32/zperm, detects it as a virus and quarantines it. However, each time I scan, each time I find it there, so it keeps on being there. The file, which gets quarantined is in C:\Windows\Temp\(folder with many numbers, which every time are different)\(folder tmp with more numbers)\(tmp with more numbers). 
 
I am not sure if it's a false positive or not, but I'd rather hear the opinion of professionals. Another thing is that my videos online also freeze from time to time. Maybe this might be the cause... Issue started just a few days ago.
 
 
My DDS log:
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by home-pc at 17:51:08 on 2013-11-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1257.370.1033.18.16259.14133 [GMT 0:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D56... Read more

A:Infected with Win32/Zperm

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifica... Read more


Hello!
 
I have had an internet connectivity problem for about a week now. First off, my internet connection randomly disconnects, goes silent for 5-10 seconds every few minutes, and then reconnects. Secondly, and I don't know if this is related, but I have two active connections now, which I never noticed before. My first connection is to my wireless router, and other than the aforementioned problems it behaves normally. My second connection is to Network 3, which I don't remember ever having and cannot control; it acts kind of like a hard line connection from a router in that I can't turn it off, but has no network access and serves no known purpose - I have no wired connection.
 
I ran AVG free, which detected win32/zperm, quarantined it and removed it. I ran it again and it found it again. I then ran Ad-Aware which found and removed it several more times. Then I ran AdwCleaner, Junkware Removal Tool and finally ComboFix. The problem seemed to go away for about two days, then the internet connectivity issues returned, and now neither AVG nor Adaware can seem to find win32/zperm, but the problem persists.

A:win32/zperm

Hello, having run ComboFix on your own, we will need to see that log to determine what it removed. Please repost here: Virus, Trojan, Spyware, and Malware Removal Logs. Include your above info and the CF log.


ComboFix 14-08-19.01 - repeat 08/20/2014  21:24:48.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29329 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))
.
.
2014-08-21 02:28 . 2014-08-21 02:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-18 03:37 . 2014-08-18 03:37    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieUserList
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieSiteList
2014-08-16 23:55 . 2014-08-1... Read more

A:win32/zperm Combofix Log

ComboFix 14-08-15.01 - repeat 08/16/2014  18:36:07.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29682 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp5AEB.tmp
c:\windows\SysWow64\tmp5BD6.tmp
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-16 to 2014-08-16  )))))))))))))))))))))))))))))))
.
.
2014-08-16 23:39 . 2014-08-16 23:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-16 23:30 . 2014-08-16 23:30    --------    d-----w-    c:\windows\ERUNT
2014-08-16 23:28 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 23:15 . 2014-08-16 2... Read more


Hello everyone. Recently AVG quarantined a file called Win32\Zperm. Should I be worried about this? Also, I noticed that when I watch a video online, it's not uncommon for the video to freeze. I then have to close the program and restart Internet Explorer to get it to work. I originally started another thread with a Rkill log and was kindly directed to the proper procedure of starting a thread.

This is the original post: http://www.bleepingcomputer.com/forums/topic480398.html/page__pid__2937102#entry2937102

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Elan at 21:23:28 on 2013-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.1711 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestric... Read more

A:AVG quarantined Win32\Zperm

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more


My AVG anti virus has been periodically flagging a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\. I always click remove and it says it's successful, but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (it's the only browser I use). Anything from "this computer has been locked due to suspicious activity, call this number to reactivate" to various random popups.

Before coming here I've tried updating and running in safe mode AVG Anti Virus, Malwarebytes, Spybot S&D and Adaware. They either don't find a threat or one of them finds 'tracking cookies', which it removes, but that doesn't fix the problem.

I ran DDS and attached the two required text files. I've moved since I purchased this computer so I'm not entirely sure where my Windows disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.91.2
Run by Nicholas at 12:28:54 on 2016-12-22
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8102.2929 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG ... Read more

A:Win32/Zperm virus & popups.

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------


Hello,
 
I have both AVG and Ad-Aware installed (Ad-Aware is in compatibility mode so the real-time protection is off). AVG resident shield keeps reporting that Win32/Zperm has been found in the temp folder and this is due to the Ad-Aware Service. I choose the action to remove it, which it says is successful but then it reports the same thing again a little while later. An actual scan by AVG does not find anything, neither does a scan by Ad-Aware.
 
AVG resident shield report: Virus found Win32/Zperm, c:\Windows\Temp\... (actual folder and file changes every time)
 
The process name: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
 
I have also tried scanning with Malwarebytes Anti-Malware and that too doesn't give any positives. Could you help me remove it please, or is it a compatibility issue between AVG and Ad-Aware?
 
Thanks
 
My DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Paulette at 13:17:06 on 2013-11-22
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2038.701 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/... Read more

A:AVG keeps finding Win32/Zperm in temp folder

Actually, I forgot that Malwarebytes did find some PUPs which I deleted but it didn't seem to have any effect.
 
Here is the log:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.20.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paulette :: PAULETTE-PC [administrator]
Protection: Enabled
20/11/2013 10:50:45
mbam-log-2013-11-20 (10-50-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201716
Time elapsed: 13 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Paulette\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 9
C:\ProgramData\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\Local Settings\Tempo... Read more


A few weeks ago you aided me in cleaning an infection off my computer and I thought it was clean.  However, the last week strange things have been happening.  Here is the original thread http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
 
I am running Windows XP Pro SP3, AVG internet security, Ad-Aware antivirus in compatibility mode and from time to time I run I-obit antivirus and Mal-warebytes free version.
 
Within the last week,

1.  I several times got a boot disk not found error while booting.  I thought it was the hard drive going bad but after a couple of days it was fine.
 
2.  AVG has several times detected and quarantined Win32/Zperm.  It seems to come back.

The last full system virus scans with I-Obit picked up a few things, I think Trojans, most of which I think are false positives, in old data files in an external backup.   These files have not been accessed for years except for copying them from one place to another.

3.  This morning WinPatrol informed me that a number of things had been removed from my startup.  These included WinPatrol, AVG Toolbar, RTHDCPL.exe, Ad-Aware AV (set in compatibility mode), Spybot Search and Destroy's TeaTimer and maybe some more that I can't remember.
 
The programs were still in my system tray but I am reinstalling them just in case now.
 
Any help would be appreciated.
Thank you in advance... Read more

A:Strange disk behavior and Win32\Zperm

Hi -
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.
 
 
Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
•Flush DNS
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).
 
 
Please download Malwarebytes Anti-Malware Free (a.k.a. MBAM) and save it to your desktop.
NOTE: Do not accept the Free Trial Version at this time
* Follow these instructions for doing a Quick Scan in Normal Mode.
* Check for database Updates through the program's interface before scanning.
* Click on Scanner > Place a dot in Perform Quick Scan > Click Scan
* After completing the scan, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab .
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
* Exit Malwarebytes when done.
* Note: If Malwarebytes encounters a file that is difficult to remove, y... Read more


My Avast antivirus recently started detecting a whole host of viruses. I ran a thorough scan of all files and deleted every infected file until the scanner turned up a hit in the operating memory. It then suggested I run a boot sector scan - I did so. Upon rebooting Avast started detecting more viruses. This time I rebooted into Safe Mode and ran the scanner there, deleting everything I found. Apparently one of the files I deleted was important, because after that my computer Blue-Screened during boot-up and I had to do a system restore to a save point from a few days ago (before the virus was contracted). Since then the virus has continued to crop up, and I haven't the foggiest notion of how to get rid of it.

The title is a list of the virus descriptions that my Avast scanner gave me. I ran all the programs the walkthrough on this site instructed me to, but the RootRepeal program crashed and generated an error message and crash report, both attached (error message in .png image format - I took a screenshot of it).

Thanks for your help!

__________________________________________________________________________________
DDS (Ver_09-12-01.01) - NTFSx86
Run by Bryan at 18:56:06.09 on Wed 12/02/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1546 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32&... Read more

A:Infected with js: downloader-FT Win32:Banload-GLR Win32:Malware-gen Win32:Refpron-AW Win32:Rootkit-gen Win32:VB-NWC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Hi,
Please help me in getting rid of the pop ups which keep coming up.
trojan downloader win32 agent bq
trojan clicker win32 tiny h
trojan spy win32 key logger.aa
trojan spy win32 green screen
trojan spy html bankfraud.dq

HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:40, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Pac... Read more

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log
Please also post the problems you are having.


Hello,

My computer became infected last night, and it's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on dvd, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.

The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.

The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.

I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since windows now thinks I have no anti-virus installed.

All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.

EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we... Read more

A:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.

I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and specially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?

Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.

Other than running windows defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.

Does no one have any ideas???


Hello,

Please help if you can. I ran free Avast! version 5.0.677 on my Windows XP desktop computer (Pentium 4, 1.5 Ghz CPU, 1 gb ram), and came up with the following virus warnings. Unfortunately the Avast! software internal tools to remove it are grayed out and not functioning. I tried a couple of things to remove viruses from help online and then realized I was in way over my head. I found this forum and am now requesting help.

Avast! says I am affected with:
JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and Win32:Virut

Attached a screen shot of Avast! with viruses and partial path to them.

Computer's Symptoms (not sure if these are all due to old slow processor or malware):
Computer is freezing often;
When it is in sleep mode it is turning itself on;
Seems to be downloading stuff often and slowing down;
Monitor is going black forcing reboots often;
Couple weeks back I began getting floating ads that pop up when browsing online;
I get an error message daily that says AdAware has shut down unexpectedly, do I want to send a report? I have been ignoring this, not knowing if it was important, been several weeks.

Ok, I think that is all I can think of to share. Please help if you can. I appreciate it.

Thanks,
Dancer

~~~~~~~~~~

DDS (Ver_10-03-17.01) - NTFSx86
Run by ljk at 15:52:28.93 on Mon 09/20/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.102... Read more

A:Please Help ~ Infected with JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and...

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.

Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.

Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

I ask that you please refrain from running tools other than those I su... Read more


Hello all,

Because of my careless actions while using my computer and IM I got infected and now I can't get rid of it. I'm getting now ad pop-ups only, and I think I got rid of some infections that came but still there are left a few. I got this infection about a week ago. Computer hasn't been used much after that 'cos I had to go away for a week and didn't have time to try to fix it then. Now I tried to fight with this for a couple of days, but no glorious victory for me here.

Kaspersky's online scan report is last in my post.

If you have time and knowledge to help me, I would appreciate it.

Thanks in advance

A:Infected With Win32.virtumonde/win32.monde/win32.ircbot

Hello Jay-EM and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed,...


Firefox and Mostly IE is experiencing redirects when I search through any search engine. Avast is continuously stopping malware in the Windows\Temp folder.


A:Infected with Win32:Malware-gen, Win32:Rootkit-gen, and Win32:Spyware-gen

Please close this post. I'm reformatting and reinstalling an Acronis Image prior to the infection. Thanks anyway.


Hi, here is my problem. Every time I download some movies or other things by opening my computer overnight, it must pop out an error window said:-
C:\Documents and setting\KkianN\Desktop is not accessible.
Not enough quota is available to process this command.

The icons only left on my screen were My computer, my network places and Internet explorer. When I refresh my computer, it came out the same message again. (This problem occurred when I opened my computer overnight by using Thunder5 this software to download things.)

When I tried to shut down, a message said You do not have permission to shut down this computer.

When I tried to use windows task manager to shut down, once I click Ctrl+Alt+Del, an application error message came out said:-
This application failed to initialize properly (0xc000012d). Click on OK to terminate the application.

Then I just can reset my computer.

Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there. Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately, I can't finish all the steps there. For step 4, I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning by using spybot, it stuck while scanning. After that suddenly pop out a window said:-
Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr...

A:Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.


I keep getting a virus called zperm. I ran AVG and Ad-Aware. Here is a copy of HijackThis. Do I need to do anything else?


A:zperm virus


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 28, 2008 18:35:48
Records in database: 1424124

Scan settings
Scan using the following database    extended
Scan archives    yes
Scan mail databases    yes

Scan area    My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned    94300
Threat name    4
Infected objects    4
Suspicious objects    0
Duration of the scan    02:45:29

File name    Threat name    Threats count
C:\Documents and Settings\All Users\Application Data\FreeApp.exe    Infected: Trojan.Win32.Agent.arng    1
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir    Infected: Trojan-Proxy.Win32.Agent.bcw    1
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe    Infected: IRC-Worm.Win32.Small.x    1
C:\WINDOWS\bolivar24.exe    Infected: Backdoor.Win32.Agent.ubx    1

The selected area was scanned.

Logfile of random's system information tool 1.04 (written by random/random...

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scr...


Avg picked them up. Computer is still crashing and programs will not close. Also woke up this morning to my computer with a message saying the driver has crashed.

A:Infected with Generic13.BDTK, Win32/Puce.E, Win32/CryptExe, Downloader.Generic_r.da

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello Bleeping!
A few days ago I removed Norton AV and installed MSSE. MSSE detected Trojan Dropper: Win32/Sirefef.B and Rogue:Win32/FakeRean. For the past two full system scans MSSE has detected and removed the dropper, and the last scan (last night) detected the Fake Rean. The MSSE removals don't appear to be effective against the dropper. Another peculiar thing, when I installed MSSE a few days ago, it told me my firewall was not up, but when I go into MS Security Center it says that the firewall is "ON". Not sure if perhaps the Norton AV removal maybe wasn't complete and that I am getting "false positives", or if something is really there. My logs are as follows:


A:Infected with Trojan Dropper: Win32/Sirefef.B AND Rogue: Win32 Fake Rean

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...


Dear sirs,

Please help me get rid of these malwares & worms. My AVG did not detect them; only Kaspersky saw them. My problem is how to get rid of them safely. Please help me. I use my laptop for games and school purposes.

Thanks in advance.

Below is my DDS scan result:

A:PC infected with samuk, WebToolbar.Win32.WhenU.u & Backdoor.Win32.Hupigon.jfsf

BUMP please


Hello, I was infected with a virus and didn't have any protection on my PC. I went out and bought Kaspersky Internet Security 2009. My original problem was that the virus was not allowing me to surf the internet without popups and redirects. After running the Kaspersky software it cleaned up a bunch of issues but has gotten to a point where it cannot clean the last two issues. It recognizes them and marks them for deletion but asks me to reboot in order to delete. After I reboot it just finds the viruses again and I repeat the process endlessly.

I went through some troubleshooting steps with a Kaspersky rep and she decided that she had exhausted all options and asked me to format the computer. That is not an option and I don't believe that there is no hope of cleaning the virus. I am in need of someone with a little more expertise and vigilance.

The two issues are described below as listed by the Kaspersky software:
1. Trojan-Cliker.win32.delf.cbe - Object: C:\windows\system32\gznvqkei.dll
2. Rootkit.win32.Podnuha.a - Object: System Memory

When I try to manually delete the gznvqkei.dll file I get an "Access Denied" error.

The Kaspersky rep did have me run the combofix software but it did not solve the issue. She had me run a custom script from within the AV software that was designed to delete the troubled files to no avail. She also had me create a boot disk but when using the boot disk it does not recognize my hard drive so ...

A:2 Infected - Rootkit.win32.Podnuha.a and Trojan-Cliker.win32.delf.cbe

Probably your best chance is to submit a HJT log.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another r...


I have already scanned and fixed my notebook for spywares using ad aware se and sbc yahoo! anti-spy. But I still got pop ups and system alerts saying that I have spywares on my computer and my internet explorer browser is still internet security. And every time I run sbc yahoo! anti-spy, I always get the same spywares and when I click on remove all, it is removed but when I run it again, the scan results is the same. Please help me. Attached is the copy of the log created using HijackThis. Thank you.

A:Infected With Trojandownloader.win32.zlob.ci And Trojan.win32.startpage.adh And Spywarequake 2.0

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa...


Hello, I was told to post here by the moderator. Here's the scoop: I was infected with a virus and didn't have any protection on my PC. I went out and bought Kaspersky Internet Security 2009. My original problem was that the virus was not allowing me to surf the internet without popups and redirects. After running the Kaspersky software it cleaned up a bunch of issues but has gotten to a point where it cannot clean the last two issues. It recognizes them and marks them for deletion but asks me to reboot in order to delete. After I reboot it just finds the viruses again and I repeat the process endlessly.

I went through some troubleshooting steps with a Kaspersky rep and she decided that she had exhausted all options and asked me to format the computer. That is not an option and I don't believe that there is no hope of cleaning the virus. I am in need of someone with a little more expertise and vigilance.

The two issues are described below as listed by the Kaspersky software:
1. Trojan-Cliker.win32.delf.cbe - Object: C:\windows\system32\gznvqkei.dll
2. Rootkit.win32.Podnuha.a - Object: System Memory

When I try to manually delete the gznvqkei.dll file I get an "Access Denied" error.

The Kaspersky rep did have me run the combofix software but it did not solve the issue. She had me run a custom script from within the AV software that was designed to delete the troubled files to no avail. She also had me create a boot disk but when using the boot d...

A:2 Infected - Rootkit.win32.Podnuha.a and Trojan-Cliker.win32.delf.cbe

Hello dmacc01.

If you still have the same issues, you may consider the following. But first, be absolutely aware that having the system without an antivirus program is an extremely dangerous thing.

Let's have you create a restore point (at this time).
1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. If there is a check mark next to "Turn off System Restore on all drives", then click on the line to clear it.
4. If C is your system drive (as it is in most cases) and you see other drives monitored in the list (like D, E, etc) click on the other drives, press Settings button, and get the other drives turned off.
5. We only want to monitor the drive with Windows o.s.

If you are unable to activate System Restore or if the service is disabled, then.....
from the Start button > RUN option .... type in services.msc
look for System Restore service
If it is listed as off or inactive, press on the link at top left to Start it.

Next, see and do as outlined here http://bertk.mvps.org/html/createrp.html

After that, also do this:
1. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT...


Hi guys, recently I downloaded an .exe game which had malware on it. As soon as I ran the program I was bombarded with warnings/notices saying I have the win32/heur, win32/virut and many other trojans. I closed all programs and immediately ran an AVG 8.5 scan. It detected 276 infected files. It healed many files but 46 weren't healed. These were either win32/heur or win32/virut. The next day I installed Malwarebytes Anti-Malware and Spybot Search and Destroy. I ran both these scans AND the AVG scan. They all detected different threats and were removed but win32/heur and virut remain. I rebooted my PC and AVG did an automatic scan before I got to the desktop. Meaning I didn't get to my desktop yet AVG was running a scan. When I was able to go into my desktop the taskbar and desktop icons were missing. I was only able to use my PC via Task Manager. Now I still have the 46 infected files which can't be removed and my taskbar and desktop icons were gone. I tried to run explorer.exe but it didn't work because "system cannot locate file". Please help!!

The 46 infected files are windows32 files. Probably registry files so they can't be removed. I have WinXP and AVG 8.5, plus Malwarebytes and Spybot.

A:Hardest problem - Computer infected with Win32/heur and win32/virut

Hi,

I would like to first confirm if you do in fact, have virut.

Please do the following:
Make sure to use Internet Explorer for this
Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\userinit.exe

Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe


NEXT


We would be grateful if you could assist us in our research into this infection by providing us with some samples and information from your machine. This will only take a minute or two to complete, and is very simple. If you wish to help us, please do the following:
Download VAPrep.bat and save it to your Desktop.
Double-click VAPrep.bat to run it. It will only take a moment to complete.
When done, please right-click the VAPrep folder which should now be on your Desktop. Select Send To >> Compressed (zipped) Folder.
Next, please go to this webpage.
Browse to the VAPrep.zip zipped folder you just created.
Click Send File.
Once d...


Hi, I got malwares from videocodec installation. Here are symptoms:

1. I have been receiving internet explorer pop-ups to the sites "yourprivacyguard.com" and "pcsecuresystem.com".
2. Also, Kaspersky detected that my computer has been trying to download something from "http://www.thenetworkcom.com/get-last-update.php?sid=502&aid=610&said=0&pn=5&config=cb" (from the report about 4-8 times every minute).
3. There are fake windows security alert pop-ups saying something that my computer is infected with malwares and I need to download a program to clean them.
4. My desktop wallpaper changes to some form of a warning sign against a red backdrop (which could be closed when I mouse over the top right hand corner and click on the 'x', after which my wallpaper re-appears)
5. 3 web short cuts appear on my desktop labeled Error Cleaner, Privacy Protector, and Spyware &Protection which re-appear every time after restart.
6. There is a new internet explorer toolbar: The nssfrch
7. The process "explorer.exe" consumes almost 100 percent of cpu and this slows down my computer significantly.

I used Kaspersky internet security 7 (my anti-virus software), Ad-Aware2007 and Search and Destroy (as suggested by this site) to detect and fix these problems. These fix almost all problems (problem number 1, 3, 4, 5, 7). However, problem number 2 is not fixed as Kaspersky still keeps reporting that there are contacts between my computer and the site "http://www....

A:Need Help! Malware Win32.agent.lf, Win32.zlob.cpx. Infected From Videocodec Installation

Welcome to the BleepingComputer HijackThis Logs and Analysis forum nunueng. My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix an...


According to AVG I'm infected with Clicker.AAFT which appears as c:\windows\fonts\services.exe. Task Manager always has at least 2 of these additional services.exe running.

I used to have Norton antivirus running but the virus broke it and I couldn't re-install it. I bought the Kaspersky Labs virus scanner but that too would not install. It looks like this virus has changed the "rights" of some objects. The only virus scanner that would install and work was AVG.

I tried to re-install service pack 3 thinking it would possibly overwrite some of the virus infected files but I got an "access denied" when I tried to start installing... ARRRRRRRGGGGHHHH!!!!

Any help would be much appreciated!
/Blair

Here's my DDS log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Blair at 15:18:10.15 on 2009-07-11
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2127 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\sv...

A:Infected with Clicker.AAFT Win32.Delf.rtk Win32.Agent.atta

I just noticed that I'm also infected with Virtumonde in
C:\WINDOWS\system32\sopidkc.exe

/Blair


Hello!

I have trouble with my computer. I found this forum online and now I hope that you can help me. I suspected that I had a virus so I installed an anti-virus program. It found files with the names virus.win32.sality.k and trojan-proxy.win32.agent.II on my computer. After disinfecting those files I always got an error message when I turned the computer on. It kept telling me: file vmmdiag32.exe cannot be found. Then I found this forum and saw that other people had the same problem and that this is still a consequence of the virus. I don't know how to get rid of it.

Then I found your preparation guide for use before posting a hijackthis log, and checked my computer with the programs you advised. Now that error message has disappeared, but I have the impression that my computer doesn't work properly anymore. It's getting slower and the anti-virus program always finds new infected files. Sometimes when I turn the computer on it gets stuck while it is booting up and I have to press F1 to continue.

Now there's a problem with the audio too - I don't know if it is also a result of the virus. It tells me: bad directsound driver. please install proper drivers or select another device in configuration. error code: 88780078. and the only sound the computer makes is a terrible peep sound.

I have never had a virus before (I didn't have internet on my computer), so I'm a little bit helpless and I would really appreciate it if you could help me.

I also did the Hijackthis. here is the res...

A:Infected With: Virus.win32.sality.k; Trojan-proxy.win32.agent.ii

Hi schag1,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.


Hi guys, need some urgent help.... I have AVG 8.5.427 free edition installed on my system, wherein the operating system is Windows XP Professional..... I ran a scan on my system and the scan reported Trojan Horse Generic11.ATHC and the resident shield log reported the remaining viruses (Worm/Downadup, Win32/Virut, Win32/Cryptor). I deleted the corresponding folders but still the system is very slow. It would be of immense help if anybody could provide expert advice on this matter. I am providing the hijackthis log herewith.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:32 PM, on 12/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\WINDOWS\system3...

A:Infected with Trojan horse generic11,Worm/Downadup,Win32/Virut,Win32/Cryptor

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ...


Greetings. Boy, did this machine step in a big puddle of sh*t!

Current problems:
Google search redirects to other search engines
Machine will not run Windows update - page fails to load
Machine will not update MS Security Essentials
Firewall frequently will not start (MS Firewall service)
--------------------------------------------------------------
History:
Machine HAD Mcafee A/V Corporate edition 8.5i & Spyware plugin (for all the good it did)
Machine displayed fake A/V popups (I didn't notice which)
Machine displayed google redirects
Ran Malwarebytes and deleted 100+ problems, categories included: backdoor.bot hijack.user.init rogue.antivirussuite.gen broken.opencommand folder.stolen.data spyware.zbot spyware.passwords trojan.hiloti trojan.dropper rogue.wireshark rogue.antivirus
The names were: Win32/Alureon.H, Win32/Hiloti.gen!D, Win32/Meredrop, Win32/IrcBrute, Win32/FakeCog, Win32/FakeScanti
Uninstalled Mcafee AV (since it allowed the junk in the first place)
Ran current Mcafee stinger to look for issues
Ran TFC.exe to clean out the temp folders
Installed Microsoft Security Essentials (MSE)
Scan with MSE showed Hiloti virus - successfully quarantined
*MSE Update fails - "Virus & SPyware update failed | Ox80072EFE | MSE wasn't able to check for Virus and Spyware definations. Make sure your comuter is connected to the internet and try again"
*Windows Update fails "IE Cannot display t...

A:Severely infected - Win32/Alureon.H, Win32/Hiloti.gen!D, /Meredrop, /IrcBrute, /FakeCog, /FakeScanti

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...


This topic has a bit of history, if you would like to see it, the thread is
 
http://www.bleepingcomputer.com/forums/t/512145/strange-disk-behavior-and-win32zperm/
 
I had been using AVG internet security as my primary defense and Ad-aware anti-virus in its compatibility setting which Ad-aware says is okay with AVG.  I also use WinPatrol and SpybodSD's tea timer.
 
There was an infection a month or so ago that I thought we had dealt with but now I am not so sure.
http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
About a week ago my primary hard drive started giving a "boot disk not found error".  I ran chkdsk and it seemed okay.  I got the error a second time the next day, powered down the computer and rebooted and have had no problem since.
 
However, yesterday I got a recurring virus detection of win32/zperm from AVG.  I cleaned it several times and it came back.
 
Next, WinPatrol gave me messages that AdAware AV, WinPatrol, Spybot Search and Destroy Tea Timer, AVG Toolbar and RTHDCPL.exe had been removed from my startup.  Since that time I have had no virus detections.
 
On instruction by the previous person, I removed AdAware AV, Gomez Peer, Antimalware engine (a part of AdAware), uTorrent and some other things.
 
The AdAware AV I had a tremendous amount of trouble removing.  I uninstalled, deleted the folder, scoured the system every way I could th...

A:Virus scanner probably not working and have detected zperm in the past

Your previous logs are clean.

Totally uninstall [Ad-Aware], using the Revo Uninstaller.
Download and run the free version of Revo Uninstaller.
Select [Ad-Aware] and click Uninstall.
Set it to 'Advanced' and click Scan.
Revo will do this:
Step 1. Create restore point.
Step 2. Run the official [Ad-Aware] uninstaller.
Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).
Reboot if asked to.

===

Please download ComboFix from one of these locations:
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infections may damage your boot sector. The Windows Re...


Hi, my sister received an email from her fellow student mate and thought it was crucial, and as soon as she opened the email she started to experience anti malware doctor software pop-ups saying you have received threats, click yes to remove, and so on. I've tried to uninstall that program from safe but it comes back again every time I log on to desktop. Also my AVG 9 is picking up loads of the trojan horse cryptic.apo file in the temp folder but cannot delete it, it says " interupted by user" and keeps multiplying. I can't seem to surf the net on Windows Explorer, it says page unavailable, but I can go online with Skype and other messengers. The anti malware doctor pops up every now and then. Just can't seem to remove the trojans and anti malware doctor software. I've tried anti malwarebyte in safe mode, it found a few objects, but after restarting to desktop the anti malware doctor automatically installed again on the laptop.

----------------------------------

DDS (Ver_10-03-17.01) - NTFSX64
Run by vedika at 1:45:44.03 on 20/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2006.619 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\...

A:infected with anti malware doctor with trojan horse cryptic.apo and win32/psw.wow.now and win32. fraudpack. bagn

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...


Here is the history of the problem:

Two days ago using Firefox I entered a google search and a page came up explaining that I most likely had some sort of malware and they were blocking my search due to automated searches coming from my computer. The google page suggested I check with an Adware program. I did use Ad-Aware and it found and removed Win32.Worm.LovGate. However this hasn't appeared to be the end and my firefox has not been running as normal. I am vague on what else has tipped me off as to a continued problem however here are some other things I have noticed:

This website : <http://maplestreetpress.com/book.cfm?book_id=44> redirected itself all day yesterday to another website in turkish I believe.

Again my firefox seems to be running slower than usual, for instance I closed it sometime yesterday to again run Ad-Aware and it took forever to close and I was unable to use Ad-Aware to manually update a virus definition file until I used CNTR-ALT-DEL to end firefox.

I think I perhaps this program I also used after searching my worm came up with a removal software:
<http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/>
While installing my McAfee deleted "Generic PWS.y (Trojan) from c:\documents and settings\...\virus removal tool\is-0CI9R\is-1DDDQ.tmp

I have now downloaded the 8.0 version of Ad-Aware and just run it and it found and got rid of the Win32.Iroffer.1227 worm but the previously mentioned website problem has now just now ...

A:Infected with Win32.Worm.LovGate then Win32.Iroffer.1227

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


Problems:
1) I keep getting pop-ups and sometimes links redirect me to other sites, often ads.
2) It makes my computer slow down drastically: Windows crashes most of the time when I change user and the gmer scan crashed 5 times before I could get it done.
3) One pop-up in particular (that would be the trojan clicker) tries to lure me to download an antivirus because it simulates the Windows control panel so that I think it's Windows that's asking me to download an antivirus.

What I've already done:
1) Nod32 alerts me that there's a trojan every 10 min but when I put it in quarantine the trojan seems to duplicate and the alerts just keep coming.
2) I scanned with: Ad-aware, Spybot: Search and Destroy, Doctor Web (in safe mode), Malwarebytes Anti-Malware, Nod32. I did a full scan with each.
3) When I scanned with spydoctor in safe mode it crashed at the end and two infections could not be treated: C:/program files/eset/infected (quarantine of nod32) and c/documents and settings/username/local settings/Anplic/mozilla/firefox/profiles/2cpk5271.default/cache
4) After the spydoctor scan nod32 detected a second infection (Olmarik) and nod32 can't get rid of it

Logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Gilles at 18:47:41,28 on lun. 26/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2030.1342 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D3...

A:Infected with win32/Olmarik.VM Patched and Win32/TrojanClicker.Delf.NJE

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Hello,
We have a small office with a Dell Poweredge 2950 file server running Ubuntu 10.04.4. It is on 24/7 and wired to several workstations running Windows 7 Pro, Windows 8 Pro, and Windows 8.1 Pro. The only antivirus in use on these workstations is Microsoft Security Essentials or Windows Defender.
 
Several days ago, a Full Scan in Defender detected these 2 items:
Worm:Win32/Autorun!inf (file:Z:\FolderA\autorun!inf)
Worm:Win32/Fakerecy.A (file:Z:\FolderA\Recycled\ctfmon.exe)
FolderA is a shared network folder/drive residing on the file server, which is also shared in its entirety as drive Z.
Defender's suggestion is to remove them, so they were removed.
 
However, scanning again immediately afterward, using MSE or Defender, shows the same two worms. Webroot, Avast, Kaspersky, Panda, Malwarebytes were also tried, but either did not detect the worms (though some of those programs may not have the ability to scan a network drive) or removed them only for the worms to reappear, as with MSE and Defender.
 
Local scans of several Windows 7 and Windows 8 workstations were done, but the worms are not detected locally in drive C, only in the shared FolderA on the file server.
 
How should I go about removing these worms?
 
Thank you

A:File server infected with Win32/Fakerecy and Win32/Autorun!inf

Hi. Firstly please read and respond to the below:
 
Company Computers
 
Since this is a company computer, you may need to obtain permission to carry out the steps I give to you. We will be making system-wide changes to this computer which may be against your company's IT policy. Such action may result in disciplinary action being taken against you. I must stress that I, in no way, accept liability for this or for any unforeseen eventuality as a result of the instructions I give you (including, but not limited to, data loss).
 
In addition, if your company has an IT support infrastructure I urge you to contact them to resolve your issue - it's what they're paid to do; whereas I volunteer.  
 
In order to continue to receive my help I would like you to confirm that you have the authority to work on the PC and that you accept my conditions.


Hi, Below is the log of the HijackThis which I ran as per the instructions on your website. I am currently running spydoctor which finds the infected files and apparently fixes them, but then they return almost immediately. I run ZoneAlarm firewall and AVG antivirus along with aol, if that helps.

Please help as this is driving me mad.

Logfile of HijackThis v1.99.1
Scan saved at 20:16:06, on 04/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/2/hi/uk_news/default.stm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpEC05.tmp (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files...

A:Infected With Trojandownloader.win32.zlob.ci & Trojan.win32.startpage.adh

Hello,

Your previous log is not complete... I am missing the running processes part, so make sure you are running HijackThis from a permanent folder and not from a temp folder.

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Don't use it yet.

* Reboot into Safe Mode (without networking support!)
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpEC05.tmp (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files...


Deckard's System Scanner v20071014.68
Run by rad on 2008-05-21 08:51:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 5.2 GiB (less than 15%) free.

-- HijackThis (run as rad.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:58, on 2008-05-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\...

A:Infected With Adware.win32.insider.d & P2p-worm.win32.kapucen.b

Hello Paularden and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complet...


Hi,
My computer is infected by the Win32:Trojan-gen and Win32:Trojano-3238 viruses.
They were detected by the Avast! antivirus and this one cannot do anything: neither delete the infected files, nor repair them or "move them to the chest".
Does anyone know how to repair this infection?

A:Infected by Win32:Trojan-gen and Win32:Trojano-3238 Viruses

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that e...


I use ESET NOD32. At startup it detects the win32/Kryptik in a start-up scan and later mentions the Win32 rootkit running in memory. The scan log shows that it has detected this on each startup but it cannot delete because files are locked from removal. I have not been able to tell what file NOD is trying to find. Below is last log file post: This same message is repeated in numerous 10+ restarts in the past 24 hours.

5/19/2009 8:25:51 PM Startup scanner file \\?\globalroot\systemroot\system32\gxvxctxujtymqsiltimrpcilnqyirvmqgrlhk.dll a variant of Win32/Kryptik.PF trojan cleaned by deleting (after the next restart) - quarantined
5/19/2009 8:25:46 PM Startup scanner operating memory Operating memory Win32/Rootkit.Agent.ODG trojan unable to clean

I have run ESET in safe mode. It did not do anything to eliminate the problem. Windows Defender has apparently not done anything either. Finally, I tried Windows malicious software removal, but apparently it could not do anything either.

Main problem I notice is delays in internet usage. Happens both in firefox and ie. I changed DNS settings from automatically detect to a fixed DNS setting from earthlink.net. Still same slow down in internet usage.

Appreciate any help you can give. I have tried to find bad file, but to no avail.

Thanks
===============================================

DDS (Ver_09-05-14.01) - NTFSx86
Run by Pop at 21:38:42.70 on Tue 05/19/2009
Internet Explorer: 7.0.... Read more

A:Infected with Win32/Krptik.PF and win32/Rootkit.agent.odg.trojan

It now looks like I may have been able to repair my problem. I used a somewhat, haphazard, unguided approach to removal. The final solution came from AVG Rootkit removal ( http://download.cnet.com/AVG-Anti-Rootkit-...4-10662685.html ). Here is a list of all the steps I attempted. I was worried at times I could have hurt my system, but then I would have had to reinstall the OS. But, on the other hand, some internet posts I read were saying that was the only way to repair the situation. So, desperation took hold. I found my reinstall disks, just in case I needed them and proceeded.

ATF Cleaner -- Who needs temp files anyway, especially if they might have trojans, I eliminated temp files this program would find.
CC Cleaner - used this to clean out internet cache and history.
Recycler folders - I had multiple recycler folders, one that had a rundll in it. I assumed you only have one recycle bin so you only need one of these folders. I had to reset the folder view options in explorer to see all files and folders (hidden, system, etc.) I deleted the extra recycler folders I could find.
System Restore - I turned off system restore. This would erase all the previous positions I had saved. This meant I could never go back to a prior position where my computer was running good, but I didn't know how to find out if I had virus/trojan in one of these saved files. I then immediately turned back on the system restore after the old restore files were deleted.
Windows defender... Read more

RELEVANCY SCORE 45.6

My computer is infected with Win32.Trojan.Tdss and Win32.TrojanDownloader.Agent. I've been trying to remove them with Ad-Aware but they re-install themselves. I've downloaded numerous other malware removers but the malware seems to disrupt / won't allow them to install or work. This includes the root repeal program mentioned in the preparation guide. When I attempt to run root repeal I get the following error:

04:03:06: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d8)
04:03:06: DeviceIoControl Error! Error Code = 0x1e7
04:03:06: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d8)

The most annoying thing that is happening is when I go to google something, it will redirect me to somewhere else or will throw random pop-ups at me every now and then. Also, I tried to reformat / re-install a fresh copy of Windows Vista but it seems this piece of malware makes it impossible to boot from disk.

Thank you in advance for your assistance!

Attached below is my dds.txt log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Jeff at 3:59:19.84 on Fri 08/28/2009
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1362 [GMT 9:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\... Read more

A:Infected With Win32.Trojan.Tdss and Win32.TrojanDownloader.Agent

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 45.6

m ades, windows xp sp3
to whomever can help- i tried to remove some viruses
using info from bleeping, but am not having any luck.

i downloaded a file that i thought could help me on another
matter, but it had a virus that zone alarm's active scan did not
catch.

it was a rootkit virus. i tried tdsskiller several times as well as
malwarebytes, and thought i finally got rid of it. then another
virus popped up despite my not having connected to the internet.

another was this patch virus that kept redirecting my opera
browser. malwarebytes did not see this, but zone alarm did.
i tried to get rid of it and used tdsskiller, and thought i did.
i had to keep switching between safe mode and
normal mode to do it. i had no problems for two weeks, then
both seemed to pop up again. my guess is that i never
actually got rid of them. i tried zone alarm, malwarebytes,
and tdsskiller over and over again, with no luck. then my
ability to connect to the net went away. i gave up and restored
my hdd using the file i made just after i thought i had gotten
rid of the problems, so that though i would still have the viruses,
i would get back the net. using tdsskiller and malwarebytes
still did not work, and a new virus showed up.

i'm including the logs from zone alarm, malwarebytes, and tdsskiller.

i would really appreciate help.

first to show up. used tdsskiller, seemed to be removed, kept showing back up.

(Forged): C:\WINDOWS\system32... Read more

A:infected with Rootkit.Win32.ZAccess.e, HiddenFile.Multi.Generic, Trojan.Win32.Patched.mf,, Backdoor.Agent.Gen) -> Value: Sh...

ps i have mbam, zone alarm,tdss,
and hijack logs, but was not sure
how to post them since the number
of text characters on this page
was limited.

RELEVANCY SCORE 45.2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

A:Infected with: win32/olmarik trojan ; browser redirect (Google, bing, yahoo) ; variant of win32/injector.HCW and surely more th...

No problem, i saw you have lot of work here....Well... Logs:

dds.txt
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Run by Administrador at 16:48:33 on 2011-06-29
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.2045.1175 [GMT -3:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\ARCHIV~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSISer... Read more

RELEVANCY SCORE 45.2

hi

I seem to have been infected by some kind of virus/trojan...as of yesterday evening random internet explorer windows would open up (nothing on firefox)...i proceeded to uninstall internet explorer 7. Then i started getting alert windows from windows defender telling me it had found -

1) trojandownloader:Win32/small.gen!D
2) trojan:Win32/Vundo.BR

i ran a scan using AVG 8 (free version) and though it seemed to find these trojans, on restarting the laptop, the same windows defender alerts were displayed and i had 2 RUNDLL error messages -

1) error loading C:\WINDOWS\Pvici.dll the specified module could not be found
2) error loading C:\WINDOWS\zutibeki.dll the specified module could not be found

on the advice of a friend i downloaded and ran a scan using "Glary Registry Repair" but once again on restarting the computer i had all the above mentioned error messages and alerts. PLUS i now have a red circle/white cross icon in system tray and i have lost my desktop wallpaper...all i have is a black background

pls advise on how i can get things back to normal...many thanks for your time and assistance


DDS (Ver_09-03-16.01) - NTFSx86
Run by ahansraj at 23:45:52.85 on 23/03/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.317 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WI... Read more

A:computer infected by Win32/small.gen!D and Win32/Vundo.BR

Hello Golo and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.
If you have any questions along the way, STOP and ask them before proceeding !!
If ComboFix does run its full circle, then please try to install Avira An... Read more

RELEVANCY SCORE 45.2

Hi I have been overrun with adware etc in the last month or so. Have run through the steps in your preparation guide. Any help much appreciated.
Thanks Dave

Logfile of HijackThis v1.99.1
Scan saved at 12:59:22, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files... Read more

A:Infected With Win32.delf.trojan.b And Win32.centim

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1
Please click: Start--> Control Panel--> Add or Remove Programs--> Uninstall (if found) any instances of:
Daily Weather Forecast
Then reboot your computer.

Step #2
Scan again with HijackThis and check the following items:
O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing)
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (file missing)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #3
We need to make sure all hidden files are showing so please:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Step #4
Reboot Your System in Safe Mode:
Restart the computer.
As s... Read more

RELEVANCY SCORE 45.2

I have tried to scan computer with Spybot S&D, Ad-Aware, and AVG 8.0 but nothing changes. Please can anybody help me?
DDS (Ver_09-07-30.01) - NTFSx86
Run by Issi ja Inno at 19:28:12,59 on L 08.08.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1257.372.1033.18.511.290 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Mess... Read more

A:Infected with Win32.Delf.uc , Virtumonde.sdn, Win32.Viru.bg

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 45.2

Hello everyone and thank you.

I've ran Malwarebyte's Antispyware, AVG8 and Spybot S&D, but these 2 trojans are still present.
I've also done the scans in safe mode, all the same results.
Whenever Spybot finishes scanning, tons of TeaTimer windows show up giving me prompts called "SpybotDeletingXXXX". I then run HijackThis and remove the entries associated with that name.
Upon a reboot, both the trojans are back and nothing seems to have worked.

Here's the DDS log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Lucas at 13:20:06,32 on 07-04-2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.2047.799 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~2\AVG\AVG8\avgrsx.exe
c:... Read more

A:Infected with multiple win32.delf.uc and win32.TDSS.rtk

Hello, lucasf

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they d... Read more
