Over 1 million tech questions and answers.

More Win32 Trojan Downloaders

Q: More Win32 Trojan Downloaders

I seem to have gotten new threats of win32 trojans on my anti virus software. I have run superantispyware, but it did not dectect any threats. I am running Windows Pro SP2. Here is my HijackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:40 AM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

RELEVANCY SCORE 200
Preferred Solution: More Win32 Trojan Downloaders

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: More Win32 Trojan Downloaders

Read other 6 answers
RELEVANCY SCORE 79.2

The following are in the Zone Alarm Pro quarintine:Trojan-Downloader.JS.ListensEvent.b**Trojan-Downloader.Win32.Inject.akvwPacked.Win32.Krap.aeExploit.Win32.pidief.bxlHijackThis Log: (firewall temporarily disabled)DDS (Ver_09-10-26.01) - NTFSx86 Run by name at 13:33:39.39 on Mon 10/26/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1230 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: ZoneAlarm Extreme Security Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mD... Read more

A:Multiple Infections, 2 Trojan-Downloaders, Packed.Win32, Exploit.Win32, Unknown others

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results.Follo... Read more

Read other 10 answers
RELEVANCY SCORE 74.4

Got some sort of nastiness from a .Doc or .Pdf file a few days ago. AVG is calling them Win/32Cryptor, Trojan/Sheur.2, also have had other downloaders although I've got them gone for right now. Also system services seem to have been infected by something that usually has no name on the AVG readout, winlogin.exe, iexplore.exe, svchost.exe, lsass.exe, services.exe. Also have running in my task manager a 3448584324.exe. Note I am in Safe Mode right now. I am unable to get Malwarebytes Anti-Malware to run at all, no matter if I rename, change extension etc. Also My computer is locked in a dumbed down mode where I am unable to rename extensions, but I am still able to run cmd and rename thru the DOS prompt. Regardless, it hasn't worked. I'm calling in the big guns (IE you guys) now because nothing I've got will even run, nevermind work. Also, when initially infected I was unable to get anything to work, constantly would get iexplore.exe errors, saying Windows is shutting down this program, send message to Microsoft blah blah and would constantly cycle and appear to restart explorer. I was able to get those out for the most part with AVG in safe mode but in my past few days of trying to my fixes with redownloading and reinstalling AVG and MBAM it would occasionally come back and start doing the same iexplore crashing again and would require AVG runs again to remove, unfortunately to don't have those logs. Also have the browser redirect problems I've seen on here numerously where ... Read more

A:Win32/Cryptor, Trojan/Sheur.2, downloaders

After much frustration I went and followed another similar thread, used combofix, which removed a rootkit UACwxdunwmc.sys among other UAC files in windows system, which allowed me to get MBAM running, which allowed me to get superspyware going. So those logs are definitely too old to use. Latest MBAM from today shows nothing. Here are my last couple logs tho until it ran clean. Superspyware hasn't run clean yet, tho I haven't run it again after last MBAM, so here is that log. Currently running Kaspersky Online scan. I realize that some of these logs won't help and will need another one for assistance, just wanted to attempt to get interest and help since was unable to at first. Firefox is still running pretty crappily, memory hogging way more than I've seen before at about 136,000k and fluctuating wildly. Stuttering graphics are also noted. Haven't tried to play any games or had real time to sit down with it since clean to check other problems but my browser redirects are apparantly gone as of right now. I will update this when the Kaspersky scan completes.http://www.superantispyware.comGenerated 04/02/2009 at 03:08 AMApplication Version : 4.26.1000Core Rules Database Version : 3824Trace Rules Database Version: 1780Scan type : Complete ScanTotal Scan Time : 00:58:17Memory items scanned : 416Memory threats detected : 0Registry items scanned : 5947Registry threats detected : 3File items scanned : 28095File threats detected : 7Rogue.Component/Trace HK... Read more

Read other 12 answers
RELEVANCY SCORE 72.8

I found 2 trojan downloaders in my java cache.One was in C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-2e07a6fb.idx (This was a ZIP file) that I deleted..The second Trojan downloader, was in, C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\6.0\45\30b71c26-17418 c 48[/color] (this was not a zip file) I flushed my java cache and this one went away. I also found (AdWare.Win32.SearchIt.t) in this file(C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE) I dont even use Aol, so i was wondering if i could delete this file's main folder with out doing much harm. Sometimes my computer is just fine and other times it will barely start up correctly.I don't know if it will help but,when I start up, my program files page opens up? I'm not sure why. If you could help I would be tremendously happy! None of my spyware\antivirus found any of these. the Kaspersky scan was the first program to find any thing.Would that be a wise choice to purchase(Kaspersky),or is there something better.Currently i am using Mc Afee, Spybot, and Xoft spy with Reg Cure. Thank you in advance for your time and effort!!!! KASPERSKY ONLINE SCANNER 7 REPORTSunday, November 30, 2008Operating System: Microsoft Windows XP Home Edition Servi... Read more

A:removed trojan downloaders\infected with AdWare.Win32.SearchIt.t

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part... Read more

Read other 30 answers
RELEVANCY SCORE 58

Hi,It seems that I have trojan activity on my home pc.I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attemp to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS verison 080805-0,08/05/08 which I try and delete from the warning box.I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmfull software with mention of one of many trojans. These have been:Trojan-Clicker.Win32.Tiny.hTrojan-Downloader.Win32.Agent.bqTrojan... Read more

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,I am hoping you can help me.My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:Trojan-Clicker.Win32.Tiny.hTrojan-Downloader.Win32.Agent.bqTrojan-Spy.Win32.KeyLogger.aaTrojan-Spy.Win32.GreenScreenTrojan-Spy.HTML.Bankfraud.dqStrange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.The pop up warings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back.A spybot scan pointed to 2 entries of VirtumondeI'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I cant seem to shift it Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:54:34 AM, on 8/7/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Ado... Read more

Read other 5 answers
RELEVANCY SCORE 56.4

Hi, here is my problem. Everytime I download some movies or other things by opening my computer overnight, it must pop out a error window said:-C:\Documents and setting\KkianN\Desktop is not accessible.Not enough quota is available to process this command.The icons only left on my screen were My computer,my network places and Internet explorer. When I refresh my computer, it came out the same message again.(this problem was occured when I opened my computer overnight by using Thunder5 this software to download things)When I tried to shut down, a message said You do not have permission to shut down this computer.When I tried to use windows task manager to shut down,once i click Ctrl+Alt+Del, an application error message came out said:-This application failed to initialize properly(0xc000012d). Click on OK to terminate the application.Then I just can reset my computer.Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there.Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately,i can't finish all the steps there. For step 4, I can't remove win32.generic.pws,win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware 2007. While scanning by using spybot,it stuck while scanning.After that suddenly pop out a window said:-Spybot-Search and destroy has detected an important registry entry that has been changed. Category: System Startup global entr... Read more

A:Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.

Read other 1 answers
RELEVANCY SCORE 56

Getting pop ups. Virus software detects problems but cannot fix them.AdAware detects "Purity Scan"Spybot cannot fix:DeskbarDownloader.Tsupdate.LHousecall froze while attempting to delete these problems:TROJ_DLOADER.BSKTROJ_GenericADW_Mediamotor.lTROJ_LOWZONES.AKADWARE_BEGIN2SEARCHADWARE_SAFESURFADWARE_MEDIAMOTORHere is the Log from BitDefender:C:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\A0000007.dll.bac_a03912=>(Quarantine-4) Infected with: Trojan.Downloader.YMC:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\A0000007.dll.bac_a03912=>(Quarantine-4) Disinfection failedC:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\A0000007.dll.bac_a03912=>(Quarantine-4) DeletedC:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\ac3_0002.exe.bac_a03912 Suspected of: Trojan.Downloader.Small.BCBC:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\ac3_0002.exe.bac_a03912 Disinfection failedC:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\ac3_0002.exe.bac_a03912 DeletedC:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\thiselt.exe.bac_a03912=>(Quarantine-4) Infected with: Trojan.Lowzones.CZC:\Documents and Settings\Taylor Scott\.housecall6.6\Quarantine\thiselt.exe.bac_a03912=>... Read more

A:3 Trojan.downloaders (ym,small.bcb,bkk) And Trojan.lowzones.cz

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Read other 11 answers
RELEVANCY SCORE 56

hi , kaspersky scan(included at the end ) came up with a few infections, please help me with removal logs:Logfile of random's system information tool 1.04 (written by random/random)Run by Yanai Michael at 2008-12-14 13:16:05Microsoft Windows XP Home Edition Service Pack 3System drive C: has 4 GB (9%) free of 53 GBTotal RAM: 1526 MB (53% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:16:16, on 14/12/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Microsoft LifeCam\... Read more

A:got Trojan.Win32.Agent.asvc Trojan-GameThief.Win32.Magania.amrr Worm.Win32.AutoRun.trh

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do... Read more

Read other 7 answers
RELEVANCY SCORE 56

After start the laptop, (hidden) host.exe is consuming a lot of resources until crash. I can see and kill it with procesexplorer from Sysinternals.
I can't activate Windows Firewall, Malwarebytes show an error at coomputer start up and more...

When I start GMER it shows an error, it is attached.

Here the logs of DDS and GMER:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by sebastian at 16:41:18 on 2012-03-19
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.54.1033.18.2925.1107 [GMT -3:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.ex... Read more

A:trojan-Dropper.win32.injector.ciwr | trojan.win32.agent2.faav | Virus.Win32.ZAccess.q

Hello sebamobile, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

Read other 14 answers
RELEVANCY SCORE 55.6

Help pls!! I've picked up and can't get rid of several Trojan Downloaders:

Downloader.Dyfica.3Al
.Small.41.J
.lstbar.AP
.lstar.9D

Here's my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:01 PM, on 7/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sahagent.exe
C:\Program Files\180searchassistant\sais.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\Dwnld exe files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h... Read more

A:Help!!! Trojan Downloaders

Uninstall the following from Add/Remove Programs:

180solutions
PowerScan
SurfAccuracy
YourSiteBar
--------------------------------------------------------------------------
Download: Micro$oft Anti Spyware BETA:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

First in the top menu click File then Check for updates to download the definitons updates.

After updating look in the right side of the main window under "Run Quick Scan Now".
Click Spyware scan options.
In that window put a tick by Run a full system scan.
Then put a check by all three options below that then click Run Scan now.

When the scan is finished, let it fix anything that it finds
(Have it quarantine the items that have that option rather than delete just in case.)
It is a BETA program and there may be false positives.

Reboot.
--------------------------------------------------------------------------
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup,... Read more

Read other 1 answers
RELEVANCY SCORE 55.6

So I've started cleaning some trojan downloaders out and cleaned out some. Would much appreciate help in eliminating what seems to be remaining in part or full form. Things are much improved now, much less pop-ups, but the concern remains that there are still infections. Running for instance system doctor suggests I have a few items still going, not sure if I may clean these myself or it is worth buying that version to help. Much appreciation for your time.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:29:25 PM, on 11/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WI... Read more

A:Trojan Downloaders And More!

Hello iwon,Please download VundoFix.exe to your desktopDouble-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.Please download Deckard's System Scanner (DSS) and save it to your Desktop.Close all other windows before proceeding. Double-click on dss.exe and follow the prompts.When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Read other 33 answers
RELEVANCY SCORE 55.6

Lol, for a little while i've been getting this Trojan Downloader alert coming from the AVG Anti-Virus folder. I've let it sit for a while, i've scanned and such, and i've tried to handle it myself by healing, sending it to the virus vault, etc, and trying to get it to go away just with having AVG handle it. It hasn't really worked, and I don't want to make the problem worse, so I've come to Tech Guy. :3

Here's the HiJackThis log.

MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi... Read more

A:Trojan Downloaders. :3

Don't mean to be a bother, but the topic nearly dissapeared. Just trying to get it back up, but I don't want to spam.
 

Read other 2 answers
RELEVANCY SCORE 55.6

I'm having trouble with a whole bunch of trojan downloaders and I'm not sure on how to get rid of them.
Trojan-dropper.win32.agent.hl
Trojan-downloader.win32.qoologic.v
Trojan-downloader.win32.apropu.ae
Trojan-downloader.win32.agent.qg
Trojan-downloader.win32.qdown.z

Here is my hijack this log. I hope someone will be able to help me. I'm not familiar with trojans, so any help would be nice.

Logfile of HijackThis v1.99.0
Scan saved at 9:10:36 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\T3duZXIA\command.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\system32\w?nlogon.exe
C:\Program Files\Comm... Read more

A:Trojan downloaders

Read other 7 answers
RELEVANCY SCORE 55.6

Hey everyone, lately there has been a slowdown in my computer and alot of bad possesses.

A:Trojan downloaders?

In order to assist you effectively and identify the offending malware, we need more specific information. Please read Before you post about a problem, Some simple guidelines, then reply back here.What OS (Win 2K, XPsp1, XPsp2, Vista) are you using? What issues/symptoms of infection do you have?What actions have you taken so far?

Read other 1 answers
RELEVANCY SCORE 55.6

Hi, I have been having issues recently with my Dell laptop. I believe that I opened a malicious file and that I downloaded several Trojans, as that is all my Avast! seems to find every time I start my computer. I don't know how to get rid of them myself and I really need my laptop back! Thanks in advance!KASPERSKY ONLINE SCANNER REPORT Saturday, April 19, 2008 8:34:57 AMOperating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)Kaspersky Online Scanner version: 5.0.98.0Kaspersky Anti-Virus database last update: 19/04/2008Kaspersky Anti-Virus database records: 715149 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target Critical Areas C:\WINDOWSC:\DOCUME~1\Kristine\LOCALS~1\Temp\ Scan Statistics Total number of scanned objects 19811 Number of viruses found 6 Number of infected objects 15 Number of suspicious objects 0 Duration of the scan process 00:24:24 Infected Object Name Virus Name Last Action C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped ... Read more

A:Trojan Downloaders And More

Hello vidakriss,Welcome to Bleeping Computer Download SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new HijackThis logThanks,tea

Read other 7 answers
RELEVANCY SCORE 55.6

I don't know who to believe. I am running reg cure, webroot spysweeper,defender,McAfee,and windows malicious software removal tool. To start out I noticed my processor was running pretty high from it's norm. I usually use foxfire to log into the net but also use IE for some apps. My IE was redirecting me to a site called mywebsearch.com. I could get on my home page. the is started to do it to foxfire too. Before I lost internet connectivity I downloaded all the programs stated above to run a virus scan. Defender picked up a trojandownloader called win32/small.gen.c, regcure piced up infected registry keys, McAfee would scan then go to blue screen, same with webroot, but it also pics up infected reg keys,shortcuts,ect. and microsoft pics up a trojan called winNT/Alureon.C.
It seems everyday someting else is missing on my computer. I can't run anything from my dvdplayer,process won't start,internet connection is lost, ect. what do I need to do. I can't even dump it and start over. my player won't run now.
I am using my backup computer right now, but it is limited to what it can do.

Almost forgot I am running vista untimate and I do have Hijack This also.

A:trojan downloaders

I was really hoping for some answers to my questions!!!!!!!

Read other 2 answers
RELEVANCY SCORE 55.2

My laptop is running a lot slower than before. Kaspersky Internet Security 7.0 detects lots of malware, mostly trojan-downloaders and other spyware. I choose to delete them, but when I reboot, the same viruses pop up. Also, new viruses pop up too. I've tried using CounterSpy, KIS 8.0, ESET Nod32, but none of them could remove the malware. Please reply. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:23 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\In... Read more

Read other answers
RELEVANCY SCORE 55.2

This is the log created by hijack this, this is also my work computer so I'd like to avoid trouble and get it resolved quickly...I have installed AVG anti-virus and ZoneAlarm firewall and I have run AdawareSE and Spybot Search and Destroy.....Please help me.....Thank youNicholLogfile of HijackThis v1.99.1Scan saved at 9:20:44 AM, on 06/21/06Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\csasvc.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Symantec AntiVirus\SavRoam.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\SOUND... Read more

A:Trojan Downloaders And Worms

Welcome aboard, lets get started Download Combofix to your desktop:Double-click combofix.exe & follow the prompts.When finished, it shall produce a log for you. Post that log in your next reply.Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.==Then after that, do the following scan and post the results:Please download Dr.Web CureIt to the desktop:Double-click the drweb-cureit.exe file and allow to run the Express scan.This will scan the files currently running in memory and when something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.Once the short scan has finished, mark the drives that you want to scan.Select all drives. A red dot shows which drives have been chosen.Click the green arrow at the right, and the scan will start.Click 'Yes to all' if it asks if you want to cure/move the file.When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantine-folder if it can't be cured. (this in case if we need samples)After selecting, in the Dr.Web CureIt menu on top, click file and choose save report listSave the report to your desktop. The report will be called DrWeb.csvClose Dr.Web Cureit.Reboot your computer!! Because it could be possible that files in use will be mo... Read more

Read other 14 answers
RELEVANCY SCORE 55.2

Here's the Log of my PC(it runs Vista). It wasn't directly infected, but I think a virus may have piggibacked off the infected Tablet on a USB drive I used. Logfile of HijackThis v1.99.1Scan saved at 10:36:49 PM, on 6/16/2007Platform: Unknown Windows (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Microsoft Windows OneCare Live\winssnotify.exeC:\hp\support\hpsysdrv.exeC:\hp\KBD\kbd.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Windows\RtHDVCpl.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Windows\WindowsMobile\wmdc.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Mozy\mozystat.exeC:\Windows\System32\rundll32.exeC:\Windows\ehome\ehmsas.exeC:\Windows\System32\mobsync.exeC:\Program Files\Windows S... Read more

A:Infected By Trojan Downloaders on PC

Hi ,

Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed. And please describe why you think you might be infected and any symptoms you may have.

Read other 6 answers
RELEVANCY SCORE 55.2

Hello, I am an employee at a dental office. One of the receptionist's computer is experiencing Trojan softwares and frequent freezing problems. The computer uses Windows XP Professional and Internet Explorer as its browser. The computer is used for dental office softwares and for researching insurance details on the Internet. When the computer starts, after the login screen, the following error windows appear.Malwarebytes' Anti-Malware is already installed on the computer. However, it would not start up despite multiple attempts.The free version of Spyware Doctor is installed after the appearance of the freezing problems, and found the following spywares.Internet Explorer is also experiencing problems. Not only Google searches are slow, but also clicking on links opens a window either linking to advertisements or to a blank page with this message,Welcome to the MIVA DLL. Please enjoy your stay.Initialization errors: 0 with an URL similar to thishttp://204.137.28.195/bin/findwhat.dll?clickthroughy=52593x=1ZEJg6mkAsVK1apaET9Z54VbiTxZb7FmACEgEgsln2VXTCEnl47iICFmylE:5Tqv96IyQgSmsayKe4ZyylZSpaEYDtI0EN9LNiaIEJE4TNxqTCITslLLM2IQ5Hr;ABsIeTZdTtPA5aZrLarGDgIYt7bspcP2AlxqQCaguct0b4LwbcFFyJIzbufG3 The computer also freezes, and the freezing happens randomly. Sometimes Internet Explorer is running, while sometimes no programs are running at all.The computer is vital to continuing providing quality service to our patients. We appreciate any help Beeping Computer and its staff and m... Read more

A:Freezing with Trojan-Downloaders

The computer also can not create a restore point. It asks for a restart. However, it still does not work after restarts.

Also, the computer frequently freezes before showing the login screen. The computer must be restarted manually.

We value any help available. Thank you!

Read other 7 answers
RELEVANCY SCORE 55.2

Introduction and a little background on the problem:

Hello! I am a new member (thank you, thank you) who is prone to having bad things happen to good computers. Ok ... here it is. I have removed viruses and spyware manually a couple of years ago, but nothing recently. This is not my own computer (but ironically, it is one I am using while my computer is getting fixed).

The other night I was looking at one of those sites for myspace greeting icons. A bunch of windows popped up and as I tried to keep up and X out of each one as the computer's speed would allow, something installed automatically. There was an instruction in the details of the program that indicated that if the program was unwanted, I could go to the website and uninstall it. STUPID, I know .... but I did.

I tried to run an anti-virus scan on the computer as this computer apparently has Norton / Symantec; however upon closer inspection, there were no executable files in the Norton folder. I could not get the computer to scan. So ... I went out and bought a cheap $20 Defender Pro 5-in-1 product from a store and ran a scan.

It detected Spyware AND viruses.

Seemingly I have "WinAntiSpyware" and can't get rid of it. I tried going to the Symantec website and it gave me instructions to remove the 2006 version. I have the 2007 version. None of the keys in the registry matched up with what the website said to remove.

It detected the following trojans:

1- Trojan-downloader.java.openconnection.... Read more

Read other answers
RELEVANCY SCORE 55.2

Hello. I've recently had a large problem with what I think were Trojan downloaders amongst other things. I've followed several of the suggestions on this site and no longer "seem" to have a problem. Previous problems included pop-ups and my Firefox browser trying to connect to a random site. Every time I ran a virus scan it keep coming up with new viruses. However, I think that they may be gone, but I am unsure and could use any help you have to offer. Thanks in advance.I'm not sure what I am doing, but here is my HJT log:(Moderator edit: log post moved to HJT log Forum for team analysis and member assistance. Enthusiast)Logfile of HijackThis v1.99.1Scan saved at 4:30:33 PM, on 31/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVGFRE~1&... Read more

A:Am I Clean? (trojan Downloaders Etc)

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.

Read other 2 answers
RELEVANCY SCORE 55.2

need help to remove the following

Trojan Horse Downloader.GENERIC4.TBL
Trojan Horse Downloader.Zlob.KYW
Trojan Horse Downloader.Zlob.KYV
Trojan Horse Downloader.Zlob.KYS

and more similar
Am using AVG free edition and AdAware se

They do find them and Quarintine them but more keep appearing
please help !!!!!
 

A:trojan horse downloaders

Read other 14 answers
RELEVANCY SCORE 55.2

hey can someone plz help me i have a zolob trojan downloader and it keeps giving me nvctrl.exe and mssearchnet.exe and other things i will run the smitrem and everything in windows safe mode it also occasionally gives me spy falcon and i will go through the deleting prccess in windows safe mode and it will be gone for a few minutes but then later it comes right back it shows up on my microsoft spyware remover as spyaxe and trojan downloader i will remove it but it does no good i also use ewido to clean them still no good it goes crazy on ewido. I AM AT WHITS END WITH THIS CRAP.

A:Zolob Trojan Downloaders

You could try A?, a Trojan hunter. Just recommended it a few posts above. Free download.

Read other 5 answers
RELEVANCY SCORE 55.2

I had been getting various error messages when using windows explorer. I also get an error message when trying to use internet explorer. And subsequently can't use internet explorer. The error message looks something like this.Runtime ErrorProgram: C:\\ProgramFiles\InternetExplorer\IExplorer.exeThe application has requested the runtime to terminate it in an unusual way. Please contact the applications support team for more information.A while later the Mcafee software that I had been using detected a virtumonde virus, but it wasn't able to delete it. I have since unistalled Mcafee and installed the AVG Free edition. I have used the Vundo Fix and the VirtumondeBegone, they removed quite a lot of things in my computer, but I don't think that they got all of it out. So far, after all of this, I have ran the AVG Free antivirus, Spybot, ad-Adware SE, Super AntiSpyware, Ccleaner, BitDefender, Counterspy, and I installed a Zone Alarm Firewall. All of these programs seemed to find and fix different problems. After all of this, Im not getting the error message from using windows explorer, but Im still getting the error message when trying to use internet explorer. The AVG antivirus has been continously finding viruses in my system restore.Here is a recent log from HiJackThisogfile of HijackThis v1.99.1Scan saved at 4:56:55 PM, on 4/2/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\S... Read more

A:Virtumonde/trojan Downloaders

Please download VundoFix.exeto your desktop. Double-click VundoFix.exe to run it.Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log.Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the aboveinstructions starting from "Click the Scan for Vundo button." whenVundoFix appears at reboot.

Read other 3 answers
RELEVANCY SCORE 54.4

I have recently been hit with trojan horses and have read some other posts on this board and have tried some of the advice, but they still keep coming back.

I am getting AVG alerts informing me of following files:
trojan horse downloader.generic2.cxp
trojan horse downloader.generic2.ahr
trojan horse downloader.generic2.cvc
trojan horse dialer.btg
trojan horse dialer.btc

I have tried running CCcleaner, AVG, Ewido, Smitfraudfix, but have not been successful.
I am willing to run through the steps again and any other tips or advice.

I have just installed and run HJT and included the log. I didn't fix anything via HJT yet.
I also have included my Panda log.

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 1:42:03 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PR... Read more

A:Trojan Horse downloaders and dialers

Read other 7 answers
RELEVANCY SCORE 54.4

I recently scanned my PC with Norton AntiVirus, and I have multiple threats;
most of which include Downloaders and Trojans. It could not get rid of them as repair and delete failed.
AdAware was also no help.

I am running Windows XP and most of the threats are coming from temporary internet files, but the folder is not there.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:33, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
H:\Program Files\Razer\Habu\razerhid.exe
H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
H:\Program Files\Java\jre1.6.0_02... Read more

A:Downloaders & Trojan Horse (Text[1].dat)

Read other 15 answers
RELEVANCY SCORE 54.4

This is a business computer on a network- so far it's the only client infected. Several hours of work have apparently removed many infections, only to have some reappear from these infections which I can't seem to lick.I have run Adaware (from Lavasoft), Spybot Search and destroy, Trendmicro's free online scanner, and have since installed AVG anti-virus. Hijack this fails to run generating an error, many websites (including this one) are blocked on the affected client- I have to correspond from another client.Here are my Kaspersky log, followed by my DSS logs.--------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7 REPORT Monday, July 21, 2008 Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, July 21, 2008 18:17:33 Records in database: 981279--------------------------------------------------------------------------------Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yesScan area - Critical Areas: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup C:\Documents and Settings\All Users\Start Menu\Programs\Startup C:\Program Files C:\WINNTScan statistics: Files scanned: 11383 Threat name: 3 Infected objects: 3 Suspicious objects: 0 Duration of the scan: 00:36:31File name / Threat name / Threa... Read more

A:2 Trojan Downloaders, Virtumonde, And Possibly More

Hello Justme- and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed... Read more

Read other 16 answers
RELEVANCY SCORE 54.4

Hey guys, listen, I've been a long time fan of this site and what you guys do. You guys are a great help and have helped me greatly in the past, even though this is a new account.

So once again I need your wisdom.

My sister recently downloaded a game from the internet, and I'm sure by doing this, she also downloaded a trojan that came with it.

As I was logging in to my admin account on WinXP Pro SP2, I was greeted by my normal start-up applications and then out of nowhere the command prompt boots up...then a German application pops up (minimized) on my desktop bar...next thing I know McAfee (my anti-virus program) pops up asking if I want to grant the program "Project 1" access to the internet. That's an obvious no. Well McAfee pops up two to three times more prompting the same thing, only with two other programs that I'm sure were viruses/generic downloaders.

So I do my standard clean-up...I run Ad-aware SE Pro, McAfee Anti-Virus '05, and McAfee Anti-spyware. Ad-Aware finished and everything it picked up, I deleted. McAfee anti-spyware finished and I deleted a whole bunch of spyware/adware...pretty standard. McAfee anti-virus pops up with 5 components all which it labled as Trojans or Generic Downloaders. Each trojan, (I believe) was named "Dollar Revenue." McAfee asked me if I wanted to "Clean," "Quarantine," or "Delete" the Trojans. I tried all three options but mcAfee was unable to do any of them. I fi... Read more

A:Generic Downloaders & Trojan Aftermath

Bump.

Read other 6 answers
RELEVANCY SCORE 54.4

Currently infected with some sort of Trojan that slows me down and keepd pushing all kinds of ads onto my computer anytime I go online. Any help would be greatly appreciated. Thanks in Advance!Logfile of random's system information tool 1.04 (written by random/random)Run by Administrator at 2008-12-12 15:16:39Microsoft Windows XP Professional Service Pack 2System drive C: has 24 GB (64%) free of 38 GBTotal RAM: 766 MB (12% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:17:18 PM, on 12/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Common Fi... Read more

A:Infected with Trojan Horse Downloaders

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable a... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

I recently acquired a virus/trojan that started by dropping my firewall. I'm not entirely certain where I picked it up, but believe it was an application on Facebook.

Either way, it has blocked my access to the registry, and constantly opens new tabs / hidden buttons on my laptop. Many of the new tabs are from http://sagipsul.com/go/?cmp=vm_mg_juan&uid=A7BE4696DE8B11DD8B7C166350CFFFFF&lid[...]&cl=superjuan The information in [...] varies dramatically and is lengthy, but the detail listed is the same from popup to popup.

First, I used AVG Free to scan. It found and removed several files and threats, but not the virus. I then used System Mechanic 4, which shows multiple registry errors. However, it will not fix them as "Registry editing has been disabled by your administrator". I have tried to run regedit, but get the same error message.

Can you help? This is the computer I use for work and my online business. It is critical (to me) to get it fixed.

Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:26 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C... Read more

A:Crypt Virus and Trojan Downloaders

Although I didn't really want to resort to a complete reinstall, it was urgent to resolve the problem.

For everyone who looked at my post, thank you.
 

Read other 1 answers
RELEVANCY SCORE 54.4

THis i the tablet I mentioned in my earlier post. It got infected by which then proceeded to download a bunch of others. THis tablet is running XP.Logfile of HijackThis v1.99.1Scan saved at 10:42:21 PM, on 6/16/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\ccmsetup\ccmsetup.exeC:\WINDOWS\system32\Dashsvc.exeC:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exeC:\Program Files\Softex\OmniPass\Omniserv.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\CCM\CcmExec.exeC:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exeC:\Program Files\Microsoft Windows OneCare Live\winss.exeC:\Program Files\Softex\OmniPass\OPXPApp.exeC:\Window... Read more

A:Infected By Trojan Downloaders on Tablet

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. From your log it appears that you are missing one important program: an antivirus. This is somewhat suicidal in today's digital world. Without one you are at a high-risk of reinfection; while I can try to sort your problem out, if you have no protection, the infections will keep resurfacing. Here are some great free antivirus programs:Antivir, Avast!, AVG, Bitdefender FreeInstall one of these, then run a full scan, letting it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups; which may be needed if we fix something we're not meant to.If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.How to make a permanent folder:Click Start | My Computer | Local Disk (C: ) | Program Files.In the menu bar at the top, go to File | New | ... Read more

Read other 25 answers
RELEVANCY SCORE 54.4

Hi...started using this new Anti-Virus tool...AVG. When it ran, says I have 2 infected files, "Trojan Horse Downloaders .Keenval.K" Both from the same game site, both games on my desktop...offline play them all the time...from Game Rival, Skyblocks, Goldmine. AVG directed me to "move to the Virus Vault", quarantine I suppose. When I went to do this, have this error message in AVG that says they both cannot be removed! And no action is taken, still sitting on my hard drive. Norton, nor any other spyware, adware stuff I have going found these, have had the games on my system for about 2 years, if not more now.
My question is: what do I do with these files now? Do I go to Game Rival with this? AVG has no customer support, is a free program, just was trying something new. Now am worried I have these virus-in-waitings.
Wanted to post a "hijack this" log..but for some reason I cannot find the site it is in...even after searching in here...if someone could pass that info along to me..will be appreciated! Thanks for you help with this...really is appreciated...Leeann/parrotplay
 

Read other answers
RELEVANCY SCORE 54.4

Hey guys --

I have a computer that was infected so I did the necessary things to clean it out, or so I thought. I use TrendMicro's OfficeScan on the computer. After cleaning, it did not find any threats, but the next day the threats started at around the same time(noon). It seemed like a downloader since it pulled 20 threats in under a couple of minutes and stopped once I pulled the network cable out. The first day I had a process named 17PHolmes572.exe which had multiple instances in task manager. Cleared those and the next day it became something like b133.exe.bin . And today I noticed a process mrofinu572.exe which I looked up and it said that it was malware. The types of viruses found by officescan are TROJ_VUNDO.BIN, TROJ_PURITY.AD, TROJ_DLOADER.AER, TROJ_RENOS.FV, TROJ_Generic.A, TROJ_ZEROML.BJR, TROJ_DROPPER.AIO, TROJ_DLOADER.HBK, TROJ_AGENT.HGN (Multiple instances of each). Also ran Ad-Aware which cleaned registry infections and possible browser hijacks. I've cleaned with ad-aware, scanned with officescan, cleared temp files and folders and also the ones under Content.IE5 path. A few of the files wouldn't delete under this path so I ended the explorer process and deleted them through the command prompt. This seemed to rid of them. Heres the posting of my HiJackThis log from today. All help is much appreciated . The process C:\WINDOWS\TEMP\XV7FB1.EXE is what OfficeScan uses to redirect an intruder. Something to do with OfcDog.
Logfile of Trend Micro ... Read more

Read other answers
RELEVANCY SCORE 54.4

I recently scanned my computer with superantispyware and it cleaned up a few things. I thought I had scanned with AVG earlier but I don't think I had as it started by itself this morning. I had to leave it - I saw it had found something 'bad' and have been trying to find out what it was now that it was all finished scanning. BUT I can just find records of viruses found in scans from a few months back which I didn't even know had been found.

Anyway, what I have are:
Trojan Horse Downloader.Zlob.MCQ

and

Trojan Horse Clicker.GMC

The clicker one is located in a programme I use a lot. I have had this trojan horse there before and when I 'fixed' it, it deleted the whole programme. Will I have to do this again??

I also posted on the malware thread with my HJT log, before I saw these trojan things. Why did superantispyware not pick these up? Are they really a problem?

Please help. Thanks.
 

A:are trojan horse downloaders and clickers bad? Please help.

sorry - i think I was looking at my virus vault.

The one it found today ('exploit') was also there.

should I empty my vault?
 

Read other 1 answers
RELEVANCY SCORE 54

Hi,Please help me in getting rid of the pop ups which keep coming up.trojan downloader win32 agent bqtrojan clicker win32 tiny htrojan spy win32 key logger.aatrojan spy win32 green screentrojan spy html bankfraud.dqHijakThis log file.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:00:40, on 9/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Hewlett-Pac... Read more

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

Read other 1 answers
RELEVANCY SCORE 54

hello. sorry about this mess. im afraid i dont really know what im doing. my nephew asked me to help get rid of a red circle with a white cross telling him he had spyware but its turned into something much worse. he only used windows firewall and nothing else saying he only uses world of warcraft and msn and music and doesnt surf the web!! i tried to scan with avg but it was aborted and the windows firewall was continually turned off no matter how many times i put it on. tried other antivirus progs but all were turned off. eventually i managed to do online scan on microsoft safety centre and deleted quite a few v high threat trojans but many unable to clean. i also ran sophos rootkit and nearly gave myself a heart attack - 938 hidden things that recommend not to clean. i resorted to you now. i followed the tutorial for posting hijack this and here are the resultskaspersky report for critical areas--------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7 REPORT Saturday, November 29, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Saturday, November 29, 2008 12:40:36 Records in database: 1426420--------------------------------------------------------------------------------Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yesScan area - Critical Areas: C:\Do... Read more

A:win32/alureon.gen, win32/Eldycow.en!A, win32/Small, win32/Olmafik, winNT/Xantvi.gen!A, Trojan-Game Thief and more

i think i have sorted this. i ran SDFix which cleaned up enough for me to install antivirus. avast caught lots of trojans and i have now been able to onlinescan and spybot s/d etc. all logs now coming back clean so can u delete this post please

Read other 3 answers
RELEVANCY SCORE 54

My computer became infected with several types of things that do not seem to be completely deleted or cleaned by any of the various system scans i have doneOne common thing that my McAfee firewall is repeatedly detecting and removing is the Vundo trojan, which i assume is a result from a trojan downloader that is difficult to removeI'll still get random pop-ups when online and i usually get redirected from my homepage to a random ad site when using Internet ExplorerAny help would be greatly appreciated, thank youHere is my log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:05:51 PM, on 12/9/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program File... Read more

A:Infected With Virtumonde, Trojan Downloaders, And Adware/ad Pop Ups

Hi,First of all.. I see you are running Teatimer.I suggest you to disable it because it can interfere with the changes you'll make on your system.When everything is done and your log is clean again, you can enable it again.If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.How to disable TeaTimer <== click me for instructions.After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").Doubleclick ResetTeaTimer.bat and let it run.This will only take a few seconds.Then, I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerThen, * Download ComboFix from here. **Save it to your desktop**In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your s... Read more

Read other 14 answers
RELEVANCY SCORE 54

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00... Read more

A:multiple trojan downloaders and spyware issues

another problem seems to be spamming - can't see desktop for small email boxes covering it 4 fold when net connection active!

need my pc for uni on monday - typical timing!

Read other 16 answers
RELEVANCY SCORE 54

i went through and i scanned using spybot, norton, ad-aware, stinger, bit defender, and i got alot of trojan horses and downlaoaders and some redirected hosts. But im not sure if i got everything.this log is sort of old, nobody responded to my other post about this. (i think i needed a better title)Logfile of HijackThis v1.99.1Scan saved at 12:33:38 PM, on 3/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) (i need to get ie 7)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\System32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exeC:\Program Files&... Read more

A:Trojan Horses, Redirected Websites, Downloaders

Welcome to the BleepingComputer HijackThis forum shinji1146 Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'. Make sure all browser and all Windows Explorer windows are closed before fixing:O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)Exit Hijackthis.*******************************Download\install CleanUp.Launch CleanUp,then click on 'Options'.Now move the slider on the left up to 'Standard Cleanup!'.Click 'Ok',now run the program by clicking on the 'Cleanup' button.Reboot,or log off/log on when it's finished.*******************************Please run this online virus scan:Activescan using Internet Explorer.Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Com... Read more

Read other 9 answers
RELEVANCY SCORE 54

Hi TSG,

I urgently need help: currently both AVG and SUPERAntiSpyware both picking up traces of trojans, downloaders, and tracking/vundo adware. I've already tried using the VundoFix from googling a previous TSG thread, however even after rebooting, removal doesn't work. However, I'll post a fresh HiJack log as well as a SUPERAntiSpyware log, and start from the beginning. Any help would be greatly appreciated! Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:10 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "... Read more

Read other answers
RELEVANCY SCORE 54

Hi,
I have huge problems on my PC.

I am getting explorer windows pop up automaticly to sites like:

http://securityonpage.com/?gai=hamm...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

and

http://www.protectroom.com/?gai=ham...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

and

http://www.savetheinformation.com/v...608_6a295baf 1F5A3DAA18D04B889F591CDD447849B4

also i am getting ballons continually poping up with things like:
System Alert : Melware Threats
Security Alert: [email protected]
System Performance Monitor: Warning (summery system slowed 47%)
Security Alert: Spyware Found - WSA Trojan
Security Alert: Trojan-spyware win32.mx

and error messages like:
Security Warning: New Variant of [email protected] Trojan
Fatel Error! Unhandled Exception: Invalid Operation - Would you like to download latest version of antivirus software?

and these 2 icons keep appearing on my desktop, in my start menu and in my internet Favs. as soon as i link my Local Area Connection
they are : Online Security Guide
and Live Security Warning

It Just won't Stop. every 10 seconds or so, something is poping up.

i see that there is alot of other people with similar probs so i tried a few of the solutions and came up empty handed.

Here is a copy of my latest HJT report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31, on 2007-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDO... Read more

A:Solved: HELP!! Trojan, Downloaders, Worms & Possible Spyware

Read other 15 answers
RELEVANCY SCORE 54

ok i just Re formated my . Dell Computer .

and im getting all pop ups and something downloaded automaticly on my pc after 20 minutes... i uninstalled and deleted in folder by the name of it

Works fine but one thing now

( i got Avast4! btw just downloaded and installed )

most of the time when i click a link i search on google.com like
i search this website

Google.com > Tech Support Guys > then sometimes it goes to a different website then it should go to....

pop ups seem to under control

I blame norton

LOL I JUST GOT A LITTLE ERROR LOOK-A-LIKE POP UP SAYING

Get Free Viagra

.... please fix that lol

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:27:12 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\ju... Read more

A:Popups / Trojan / Virus / Downloaders / THIS IS MAJOR

Read other 10 answers
RELEVANCY SCORE 54

Hello,My computer became infected last night, and It's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on dvd, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclipdiea website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to acess the internet. It listed one more, but I didn't get it's name in time.I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since windows now thinks I have no anti-virus installed.All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make it's way in too.EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accouts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we... Read more

A:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and specially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a qaud core, though to be excepted in safe mode), and it was useless.Other than running windows defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expect enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.Does no one have any ideas???

Read other 5 answers
RELEVANCY SCORE 53.6

KASPERSKY ONLINE SCANNER 7 REPORTSaturday, November 29, 2008Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)Kaspersky Online Scanner 7 version: 7.0.25.0Program database last update: Friday, November 28, 2008 18:35:48Records in database: 1424124Scan settingsScan using the following database extendedScan archives yesScan mail databases yesScan area My ComputerC:\D:\E:\F:\Scan statisticsFiles scanned 94300Threat name 4Infected objects 4Suspicious objects 0Duration of the scan 02:45:29File name Threat name Threats countC:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1 C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1 C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1 C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1 The selected area was scanned.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Logfile of random's system information tool 1.04 (written by random/random... Read more

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scr... Read more

Read other 4 answers
RELEVANCY SCORE 53.2

When I looked into my AVG virus vault today I was concerned to see a series of trojan droppers and downloaders. There were 7 entries, and in order here's how they appeared:
trojan horsedropper.agent.CRO (twice)
trojan horse downloader.agent.INL (3 times)
trojan horse downloader.generic.3NPE (twice)
trojan horse backdoor.generic.2AJH
trojan horse dropper.agent.CRP

then when I ran Panda software these 2 viruses were found:
virus: trj/downloader.MSN
virus: trj/killav.FD (this one is located in the system32 file)

looking for more information on these is like wading through muck...
I have ran the AVG,panda software, adware and hjt and here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 2:29:06 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2ev... Read more

A:Trojan horse droppers, downloaders and backdoor- they all appear in my system

i am still on awaiting some direction please!
 

Read other 2 answers