Generic.dx detected/removed by McAfee, but reappears

Q: Generic.dx detected/removed by McAfee, but reappears

I'm new here and not very computer literate, so I'm sorry if I'm not explaining this right.

I'm running Windows XP on a Dell Inspiron E1505 Notebook with McAfee as my anti-virus.

I keep getting pop-ups for Generic.dx trojan through my McAfee Security Center. They say it has been detected and then removed. A few seconds later, the same window will pop up and the process will repeat again. It will stop for 10-15 minutes, then start again.

I've searched for a quick fix, and came across someone else's topic. I read my Java may need updated and soon after, I received notification that an update was available, so I downloaded it.

I then went on to download HijackThis and have run a scan. I have not had a pop up since I updated my Java, but I just want to make sure I am in the clear.

Thanks for any help you can give me!

Here is my logfile for my HijackThis scan done a few minutes ago.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:58 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 13226 bytes


A: Generic.dx detected/removed by McAfee, but reappears

Update: I have been on my computer since my first post and haven't had a pop-up about the Generic.dx trojan since about 1 p.m. EST and I have just received the pop up from McAfee again.

Here is what my pop up said:

McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: Generic.dx (Trojan), Generic.dx (Trojan)
Location: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N97TFJNL\mzx32[1].exe

Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

RELEVANCY SCORE 77.6

Good morning,
I have Windows Vista. I have McAfee and Stopzilla loaded on this laptop. McAfee discovers a program called generic pup.x, which it cannot completely remove. I don't know if this is a malicious file/program or not, but I do know that my laptop runs slower and freezes, and it appears at times that McAfee tries to install and reinstall itself with no direction from me.

Here is the file name: C:\users\lenore\appdata\LocalLow\FunWebProducts\Installr\Cache\00761B10.exe. I have searched for this file in an attempt to remove it, but cannot find it or any programs related to Fun Web products. I have done a cleaning of temporary files, cookies, web searches, but to no avail.

Any expertise is appreciated. Thanks.
 

RELEVANCY SCORE 75.2

seems to keep coming back and I don't know what it is.. doesn't seem to be causing any issues but is this something I should be worried about?

here's the scans

Attach.txt
DDS.txt
Ark.txt

A:Generic Pup.x detected by Mcafee

Bump.

RELEVANCY SCORE 75.2

so I have not noticed anything strange going on with my computer other than I sometimes hear 3 clicks and then look at McAfee and it says I'm not protected and my firewall is disabled and I manually fix it and then it happens later.. also that generic pup.x or whatever that is pops up when I scan and I delete but then it comes back when I scan again.. and I have no idea what it is anyway here is my hijack this log maybe someone can help me..
 

A:Generic Pup.x detected by Mcafee

RELEVANCY SCORE 74.8

I have tried running different malware removal tools and Mcafee both in normal and safe mode and keep getting the message that Mcafee detected and removed. How can I permanently remove these Trojans? I ran the GMER scan and nothing was found.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Cory at 17:48:05 on 2011-10-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2701 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\W...

A:DNSChanger!FA and Generic.dx!bbbq Trojans keep being "Removed" by Mcafee

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

RELEVANCY SCORE 74.4

Hello Tech Support,

I have McAfee Security Suite installed on my computer. I received a message from McAfee that Generic Downloader had been detected. I was asked if I wanted McAfee to remove it or if I wanted to remove it manually.

I checked the box for McAfee to remove it. Right after that, I ran a complete McAfee scan of my computer. Nothing was detected.

Since I have received no further messages from McAfee and nothing was detected on the complete scan, am I safe in assuming that McAfee was able to remove it successfully?

Also, does Generic Downloader gain access to a computer through a download, or could it also access through the clicking of a link on a webpage?

Your forum is a wonderful find. I will appreciate your reply.

A:Generic Downloader Detected by McAfee

BUMP, please

RELEVANCY SCORE 73.6

McAfee instruction said that it detected Generic!Artemis trojan, couldn't be quarantined or deleted, to restart computer and perform a full scan. I clicked on the more info and McAfee hackerwatch had this:

No Program Data
HackerWatch is unable to provide information about this program.

File Information

File Name: PE4.3.9014.12592.exe
File Size: 12023910
File Path: C:\Users\Bram\Downloads\
Version:
First seen: 1/22/2009

I ran the virus scan and McAfee reported a clean scan, but after doing some research on this baby, I thought that some pros need to go over an HJT log for me to be comfortable about this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:34 PM, on 2/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\IEUser.e...

RELEVANCY SCORE 72

I have McAfee and whenever I scan the laptop it tells me that a Trojan named NTOSKRNL-HOOK is removed from the memory and that it is a Generic Rootkit.d!rootkit. McAfee is not able to find any file in the system that has been infected. The trojan is always there in the memory even if I scan the memory many times.

At the beginning it was directing me to other websites whenever I was using IE or firefox to open a link. I tried to remove it by going through the procedures explained in this link
hxxp://thecooltools.blogspot.com/2009/06/remove-ntoskrnl-hook-generic.html

After removing the infected files when I return to normal mode the Trojan is in the memory again.

Now the on-access scan is disabled completely and I cannot enable it.

I ran dds.scr and the results are attached. When I run gmer.exe it stops after a while and the computer stops functioning, I am not even able to move the mouse, and I need to reset the laptop. Once I stopped the gmer and saved the results in Ark.txt which is attached. Note that what is in Ark.txt is not the complete result of scan.

I appreciate your help


Here is dds.txt file:


DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Mohsen at 1:05:40.09 on Tue 08/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3186 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-...

A:ntoskrnl-hook is detected by McAfee in memory but cannot be removed

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financia...

RELEVANCY SCORE 64.8

When trying to remove a virus, I used System Restore. A few days earlier, I uninstalled the McAfee Security Protection, having changed to Microsoft Security Essentials. Now, when I turn on my computer, I get the message "Some McAfee components might not have been installed or launched properly. Restart your computer to fix this. If this message appears again after the restart, please reinstall McAfee Security Center." At the same time the message "Some components of Active Shield are missing and might not have been installed properly." There is no McAfee icon on the bottom toolbar and the only McAfee program in Add/Remove Programs is the McAfee Uninstall wizard. No file size appears to the right of it. These messages appear several times before they stop. I use Windows XP Media Center Edition 2004 with PS2 and have downloaded PS3. I would like to get rid of this in order to get to the next step in trying to remove the virus.

A:McAfee reappears after System Restore

If you just want to get rid of the McAfee remnants, best is to use the following tool.
Download and save McAfee Removal Tool to your desktop. Run it to remove McAfee. After this, please restart your computer.

RELEVANCY SCORE 60.4

Referred from here: http://www.bleepingcomputer.com/forums/t/265796/helpassistant-folder-creates-on-reboot;-taking-up-all-hard-drive-space/ ~ OB

Was infected with a virus/something that installed a program on my computer with a name similar to "SystemProtect," "SystemProtector," "ProtectSystem," etc. Three or four icons for pornographic websites would appear on my desktop every few reboots; I don't know if clicking on them opened anything, as I never bothered to try. I would get frequent pop-ups begging me to download fake anti-virus/anti-malware software. I could not install or run anti-malware software without altering the names of the .exe files. Eventually, I ran many anti-malware programs and thought I got rid of the problem. The virus would cause my computer to lock up on reboot unless I booted in safe mode; it would also create, upon reboot, a folder in my Documents and Settings folder called "HelpAssistant" which was loaded with copies of files from my user profile. This folder takes up quite a bit of my remaining hard drive space. The reappearing folder is, I think, the only problem "left over" from the original infection.

-------
DDS.txt:

DDS (Ver_09-10-24.04) - NTFSx86
Run by NAME at 8:44:12.17 on Sun 10/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.165 [GMT -5:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============...

A:MBR Rootkit Detected: HelpAssistant Folder Reappears on Reboot

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks

RELEVANCY SCORE 57.2

Received a link to click from business colleague. I started receiving messages from friends on my Facebook buddy list asking me why I would send them a link to click on. Apparently, the links are different but my McAfee said it blocked it when I tried to download whatever he sent me. I started getting virus alerts to download programs to clean it, which I knew was not from McAfee. I performed a manual scan and it found 6 virus and malwares which were quarantined. One of my friends said that her McAfee didn't even detect anything and had to pay them to get deep into her computer to get rid of it. Today, I awoke to find a similar ploy to download a virus and malware program to rid my problems. I print screened and am posting that. I again ran a McAfee virus scan and it found 4 which again were quarantined.

How can we get rid of whatever is causing this?

I ran a Lavasoft Ad Aware scan which detected 2 cookies and were removed. I also ran Spybot Search & Destroy which found 25 Ask toolbar which I removed. It is 1 day after rerunning the McAfee scan above and so far no recurrence of the virus. But is it still in my computer?
 

RELEVANCY SCORE 52.4

I have had to restore my computer to factory settings due to some window issues and have been reinstalling all my programs. I am running XP Professional. I have just about gotten back to where I was originally and now my McAfee has reported the following:

McAfee has blocked a potentially unwanted program (PUP) on your computer. If you do not recognize it, we recommend that you remove the program.
About this Potentially Unwanted Program
Name: Generic PUP.z
Location: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP10\A0003664.ocx
Spyware, adware, and other potentially unwanted programs can harm your computer, compromise its security, and damage valuable files.

I keep deleting the item but it keeps returning each time I log on. I know a PUP can be a necessary part of a programme but, not being a computer expert, I don't know if I need it or if it should be deleted. If it does need to be deleted, how do you do it as it comes back each time I delete it through McAfee!!

I would appreciate any guidance please.
 

A:Generic PUP.z keeps reporting from McAfee

Solved
 

RELEVANCY SCORE 52

Windows 8.1, the trial period was just about up for McAfee so I removed it and now just have windows defender, is this good enough or should I install an anti-virus like avast or avira.
Thanks

Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

A:I removed Mcafee, now have a ?

Many sources have indicated that using Windows Firewall and Windows Defender is pretty much all you need.  I would recommend Malwarebytes Anti-Malware or something similar to boost your security a little.  Me?  I have numerous alligators and crocs in my castle moat 'cause I can do so 

RELEVANCY SCORE 51.6

Was infected with multiple viruses, trojans and back doors
Have run McAfee antivirus, Malwarebyte's pro, Stinger, and McAfee says it cannot remove "generic!Artemis"
It was located in blstoolbar folder in program folder. C drive.
renamed it blstoolbar1.
the uninstall does not work and it doesn't show up in add/remove programs list.
My computer is running much cleaner, but I wonder if I'm still infected.
Can anyone Please Help?

I'm going to College in Computer Information Systems, and have some self learned skills.

I've used your services before and would like to continue learning the art of Security and Threat removal.

Thank you for all your help guys.
You're wonderful!!!!

Beverly

DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Owner at 14:07:51.70 on Sat 02/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.156 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hps...

A:Mcafee says cannot remove Generic!Artemis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...

RELEVANCY SCORE 51.6

Hello, McAfee found the trojan Generic PUP.x!bi and could not remove it completely. And it keeps coming up on subsequent scans. My computer has also been running slower than normal. Please help if you can. HJT file below. Thanks.

Tony
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:48 PM, on 10/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\...

RELEVANCY SCORE 51.6

Hello, and thanks in advance for any help provided.

Every couple of minutes, McAfee is finding and deleting a file. The info provided is as follows...

File Deleted, Detection: Generic rootkit.w, Action: File deleted, Object:Port135sik.sys, Location: C:\Windows\System32\Drivers

I have attached my GMER log named ark.txt and my Attach.txt in a zip file. Below is the contents of my DDS log.


DDS (Ver_09-03-16.01) - NTFSx86
Run by tdunn03 at 10:58:14.70 on Wed 04/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2029.1500 [GMT -4:00]

AV: Total Protection Service *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDO...

A:McAfee Deleting Generic rootkit.w

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

RELEVANCY SCORE 51.6

Greetings All!

Yesterday McAfee updated and then this morning I wake up to a potentially unwanted program. McAfee lists it as Generic!Artemis. I am wondering if this might be a false positive based on the heuristics scan. McAfee says the problem is:

File Name: C:\System Volume Information\_restore {4e015214-6BB0-4181-B365-456CF1DEC069}\RP110\A0020916.DLL

The location of the infected file is what is making me think this might be a false positive.

Anyone have any ideas? How can I confirm if this is a real problem or not?

Thanks for the help!

RU42

A:new Mcafee hit on Generic!Artemis; real or not

That file is in your system restore. Let's flush that and then scan again.

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok"
Disk Cleanup will scan your files for several minutes, then open.
Click the "More Options" Tab.
Click the "Clean up" button under System Restore.
Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
Click Yes, then click Ok.
Click Yes again when prompted with "Are y...

RELEVANCY SCORE 51.6

Yesterday night, my McAfee AV popped up a warning about a generic.dx!sqk trojan in my "System Volume Information". A full scan revealed a lot more in that folder and 1 in my windows/system32/ folder called "rundll.exe" (I'm running win xp, so this had nothing to do there). I also noticed that the trojan will create a "dllrun.exe" together with an "autorun.inf" on any usb device I plug to my pc (popping up my AV immediately).

Thanks in advance for having a look at this. DDS report below.

------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jonas at 16:48:20,75 on 13.05.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.3326.2339 [GMT 2:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe*
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\AMD\AMD Power Monitor\AMD_PwrMon.exe
C:\WINDOWS\...

A:[SOLVED] generic.dx!sqk (McAfee) infected :(

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins...

RELEVANCY SCORE 51.6

Hi

McAfee keeps finding this trojan and removing it. It's been happening for about 8 hours now. When I click on more it says

About This Trojan
Detected: Generic PWS.di (Trojan)
Quarantined From: C:\Users\myname\AppData\Roaming\spynet\mswin8.exe

When it started, my wallpaper changed and my webcam started by itself which freaked me out.

When I look at my security report it says 773 trojans removed so far.

Any help is appreciated.
 

A:McAfee keeps detecting Generic PWS.di trojan

RELEVANCY SCORE 51.6

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:22 AM, on 8/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explo...

RELEVANCY SCORE 51.6

McAfee has quarantined Generic Dropper.au on my computer, but I can't find out how to delete it or what I should do? It has changed some of my desktop settings, but I am afraid to do anything else to see anything since I don't know enough about a trojan to know what is ok to do at this point and what's not. Please advise.

Thanks!

A:Help - McAfee found Generic Dropper.au

After my initial post I found where I was supposed to follow the 5 steps which I have now done. Below is a copy of my main.txt and I will also attach a copy of extra.txt. After going through the steps Panra found 21 infections on my computer. I need guidance on what I should do now. I am not very computer savvy so I will need some step by step guidance to get the computer back together. Thanks!

Deckard's System Scanner v20071014.68
Run by Donna Allbritton on 2008-03-21 20:55:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2008-03-22 00:55:09 UTC - RP568 - Deckard's System Scanner Restore Point
47: 2008-03-22 00:47:16 UTC - RP567 - Software Distribution Service 3.0
46: 2008-03-21 18:00:56 UTC - RP566 - System Checkpoint
45: 2008-03-20 17:52:15 UTC - RP565 - Software Distribution Service 3.0
44: 2008-03-18 19:31:02 UTC - RP564 - System Checkpoint


-- First Restore Point --
1: 2007-12-23 20:40:20 UTC - RP521 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-21 20:57:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE:...

RELEVANCY SCORE 51.6

Hi
McAfee has detected a Trojan on my PC. It deletes 3 autorun.inf files, but is unable to move / clean / delete the file tmp47A.tmp from C:\Documents and Settings\Joseph\Local Settings\Temp.
Also in the temp folder there is a file tmp479.tmp too, created at the same time which I can see, but can't manually delete either this or the other one (which I can see is called tmp47A.tmp.vir

A HijackThis log comes up with this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:59, on 25/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe...

A:Generic.dx Trojan - McAfee can't delete it

Actually laptop crashed.

When it restarted, was then able to delete those two files. Does that mean I'm now ok?
 

RELEVANCY SCORE 51.6

Toshiba laptop - everything was running very slow and lots of progs "not responding". Removed McAfee and speeds improved fantastically yesterday, but upon starting laptop today everything has become extraordinarily slow again. Has taken about an hour to be able to get here and write this thread !! About 4 minutes to open Word and gave up on IE after 7 minutes.

Help please... Melanie

A:Everything slower than ever even tho McAfee removed

Oh man Mel I thought we had you fixed up buddy. :( All right we are going to have to kinda start again. Now did you add anything since yesterday other than the programs we added? I have a sneaking suspicion that one of two things is happening. Either something is starting up at boot that's drastically slowing you down or you have a malware/adware infection. Ok let's see if it's just a program. Go start - run - type in msconfig again uncheck the square box and reboot. If it's running right again we will know how to proceed. I'm experiencing bad storms here today so be patient with me because I'm having to shut down at times to protect my computer. But do that for me and post back.

RELEVANCY SCORE 51.6

Hi all, I know the post is located here somewhere from ages ago. I had the same problem on another computer. I need the file which totally removes McAfee as it's causing me problems. Thanks

A:Mcafee Not Removed Correctly

Here you go:

Please download this McAfee Removal Tool, run it, and let it completely remove McAfee from your computer.

RELEVANCY SCORE 51.2

Well I was trying to watch some movie online and the browser, Avant, opened up a bunch of weird pop up sites even when the pop up blocker was turned on. McAfee 2007 version, my firewall protection service, reported that it found a trojan virus and it had been removed and a potentially unwanted program, Genericup.dx was trying to access internet and another time, a few minutes later McAfee again reported that Generic.dx was trying to access internet. I actually happened to 'google' regarding a process 'prunnet.exe' in my process tree and found it's a malware/trojan program. I happened to download hijackthis 2.0.2 and I am herewith attaching the log info:

Please suggest me the necessary actions and I would be much appreciative of your help.

Please find the log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:50 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService....

RELEVANCY SCORE 51.2

Hi,

My computer has been unbelievably slow for a few months. I have tried a number of malware programs to find something - McAfee, MalwareBytes, Spybot Search and Destroy - but none seem to have solved the problem. This may be unrelated, but all of a sudden, Powerpoint is not working (though all the other Office programs do) and my Dreamweaver instance appears corrupted. I found a forum earlier that suggested downloading a new version of Java, which I did, but it does not appear to help. My Hijack This report is below. Any help would be much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:31 AM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcpr...

A:Computer very slow - McAfee found Generic Pup.x

Hi Welcome to TSG!

Run HijackThis and click on "Config" and then on the "Misc Tools" button.
If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section".
Click on the "Open Uninstall Manager" button.
Click the "Save List" button.
Copy and paste that list here.
 

RELEVANCY SCORE 51.2

Hello, I ran the online free McAfee scan on a relative's PC and Generic.dx was one of the nasties identified. They are running Windows XP with SP2.

I ran the HJT as recommended and the results are below.

I would appreciate any support in removing the little devil - thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:14, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\run...

A:Generic.dx identified by McAfee online scan

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, can you post a fresh HijackThis log

Regards

eddie
 

RELEVANCY SCORE 51.2

McAfee can't clean something called Generic Artemis on my computer. Please help me remove this malware/virus.
 

RELEVANCY SCORE 51.2

As soon as a user logs in to their roaming profile McAfee is reporting an infected file (Generic.dx) c:\windows\document and settings\user\Application Data\RBInternetEncodings600.dll. There are several files including the aforementioned one that repopulate after a user logs off then back on. These are roaming profiles and I did delete the suspect files on the server before logging the user back on. The following files are located in the Application Data directory of the user: RBInternetEncodings600.dll, rbap550.dll, RBRegEx550.dll, RBScript600.dll, RBShell555.dll, RBSSLSocket550.dll, RBXML550.dll. They are easily deleted but come back after logging back on.
I did turn the system restore off and have tried the following tools to try to fix the apparent problem: McAfee antivirus program and the online version, Trend Micro online scanner, Adaware free, Malwarebytes Anti-malware, Hijack this, and SuperAntiSpyware. The problem has now spread to a total of 3 computers on our network. Do I need to disconnect these machines while I try to find a remedy? I really need to get a handle on this as soon as possible. I am going to attach the log file from hijackthis but also have the logs from the DDS tool from this site. I appreciate any help you can provide. The other thing I am trying to figure out is what is putting and recreating the dll's, so far no luck. Are there any tools that show the dependencies for a given dll?
Thanks
LeRoy

A:Mcafee Classic reports a generic.dx virus I can not get rid of

This has been resolved. The newest dat file for our version does not like the version of 4sight fax client software we run.

RELEVANCY SCORE 50.8

Hi,

I am new here. I have Patched USER32 reported by Mcafee scan. Mcafee also says that it cannot remove the virus completely. My computer is not down. But I do not know how long before that happens.

Thanks in advance.

-Venkat

A:Patched USER32 cant be removed by Mcafee

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.

Next run ATF:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do ...

RELEVANCY SCORE 50.8

Hi Guys,

I have two Zeroaccess trojan viruses that McAfee cannot delete. I'm running windows 7 home. Also, the directory of the viruses is C:\windows\assembly\GAC_64\Desktop.ini

It is blocking access to Mcafee & Windows firewalls and some servers trying to connect to my computer.. i.e ps3 and air mouse

Any help will be greatly appreciated!!!!

Thanks

Mac

A:Zeroaccess Trojan Cannot Be Removed By McAfee

Hello and welcome to Bleeping Computer! I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
Note: Do not choose Cure or Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually ...

RELEVANCY SCORE 50.8

I am having trouble removing the W32Trats.dll virus. It can be detected but not removed. Path name given when detected is

C:\Documents and Setting\Mike\Local Settings\Temp\winrkqztv32.dll

Here is the file from the DSS program

Deckard's System Scanner v20071014.68
Run by Mike on 2008-03-29 13:08:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2008-03-29 17:08:16 UTC - RP28 - Deckard's System Scanner Restore Point
27: 2008-03-23 02:13:50 UTC - RP27 - Spybot-S&D Spyware removal
26: 2008-03-23 01:00:21 UTC - RP26 - System Checkpoint
25: 2008-03-20 23:48:08 UTC - RP25 - System Checkpoint
24: 2008-03-16 18:19:59 UTC - RP24 - System Checkpoint


-- First Restore Point --
1: 2008-02-26 00:40:14 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:58 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C...

RELEVANCY SCORE 50.8

Hi guys,
 
I am running Windows 7 64-bit and about a week ago I was using Facebook when my PC suddenly rebooted. When it came back up, Windows Defender notified me that I had a Trojan. I ran McAfee, an old version of Malwarebytes, and Spybot Search and Destroy. In fact, I ran them all several times. Then I noticed that both IE and Chrome had been redirected to StartNow Web page (I think). I found directions on how to remove that and did. Chrome has blue screened several times since. I then downloaded AVG (the free version), and reinstalled Chrome. The last time I ran it, 27 suspect items (from adware, malware and trojans) were found. I cleaned them, now AVG doesn't work. I have just finished running Search and Destroy again but nothing came up. Am I truly free of this stuff?
 
I am having trouble finding the Attach txt file to attach to this post. I am saving it to the desktop but when I try to attach, the file is not listed.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Carla at 16:28:04 on 2013-03-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.3340 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: AVG update module *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-...

A:Smithfraud-c.generic trojan can't be removed

Let me try this again.
 
I see the smith-C thing again after rebooting. I have not rebooted this afternoon, which may be why S&D did not find it.
 
And I still can't find the file on the desktop though it appears in File, Save As. I can't find it by browsing to it. ARgh


Here is the original background - Zllio recommended I post the combofix and hjt logs I have.

Late last night my son's XP SP3 laptop started crashing with blue screens. Examination of the AVG 7.5 Virus Vault in Safe Mode revealed an absolute mess with variants of Trojan Horse.Generic.12 being the most common. At the time I can't say I noticed Virtumonde or not at that time.

While in Safe Mode with Networking browsing to any "security" site was hijacked, so I transferred necessary programs from a working pc on a usb key.

These are the programs I have run to (1) stop the crashing and (2) stop the browser hijacking.

CCcleaner
Malwarebytes Anti-Malware
SDfix
ESET online scan
Vundofix
VirtumundoBegone

Subsequent AVG and ESET scan "appear" to show things are back to normal.

I ran both Spybot 1.52 then 1.6 and Virtumonde continues to show up making me nervous that though there is no crashing or browser hijacking.

In my haste to fix this machine I have already run Combofix "before" asking for help.

After doing so I reran SpyBot 1.6 and it didn't find anything.

I'm at the point now where I need your advice on how to proceed.

COMBOFIX Log:

ComboFix 08-11-16.05 - ShaneL 2008-11-17 11:23:12.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.599 [GMT -5:00]
Running from: c:\documents and settings\ShaneL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ShaneL\Desktop\WindowsXP-KB310994...

A:Trojan Generic 12/Virtumonda - have I removed it all?

Hello, Virtual Canada

ComboFix is a powerful tool which should NOT BE RUN without guidance from an expert.

to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

Please give me some time to look over your computer's log(s).

Please take note of the following:

In the meantime, please refrain from making any changes to your computer.

Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Finally, please reply using the button in the lower left hand corner of your screen.

We need to run a Scan with DDS

Please download DDS, and save it to your desktop, from one of the following mirrors:

This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on your system.
Double click on your desktop.
If prompted by any script blocking tools, please allow any actions taken by DDS.
When prompted to perform an Optional Scan, please select
Two reports will open. Please reply with the generated reports:

DDS.txt <-- Copy and paste into your next post
Attach.txt...


I also have a settings.dat file that is on my desktop that was created after the rootrepeal program ran. What do i do with it?

DDS (Ver_09-10-26.01) - NTFSx86
Run by NANDO at 9:13:35.35 on Tue 11/17/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.560 [GMT -8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1356 [VPS 091117-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Cricket\Cricket Broadband\Cricket Broadband.exe
svchost.exe
...

A:trojan.generic found and removed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:

This is THE Mirror

Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ...


I have a Dell 8400, windows XP home, McAfee viruscan, adaware, spybot.
Had a series of infections starting with McAfee finding and deleting an infection. I had updated McAfee the day before. Subsequently, each time I tried to update McAfee I would get a dll file error (The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll) and could not update. McAfee "on access scan" would not turn on regularly.
Scan found XSLT.Class and reported clean failed and found Generic exploit!ka .
I tried to use recovery console as explained on McAfee website with XP CD but the CD was SP2 and I had upgraded to SP3, so it would not work.
AdAware scan found Trojan.win32.Generic!BT.
Another McAfee scan found Adaware open candy.dll, Generic downloader. XPGFK six times.
I tried to repair with sfc scannow but it would not repair files because my disk was SP2 and I am running SP3.
Ran McAfee in safe mode found artemis A7701557ICFO, crop.class, zoom.class, image.class, mulitzoom.class,zoom.class.
Made bootable disk from AVG to scan when OS not running and found:
Windows/system32/drivers/acpi.sys Trojan horse Agent3.wjv Object is white listed (critical system file) and Windows/system32/drivers/serial.sys Trojan horse Agent_r.ats. Object is white listed (critical system file).

Used Acronis to restore my C: windows files.
Reran AVG scan and now clean.
Ran malaware scan-OK
Ran stinger-nothing found
Uninstalled and reinstalled McAfee, scan found 14 detections in C: document...

A:infection blocked McAfee, possibly Generic exploit!ka and others

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432522 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi,

I sometimes use my work laptop at home. Last week I accidentally clicked on one of the music download links & got infected with this obnoxious virus.
The system works well at my work with no issues but when I bring it home & log on to internet, some weird programs start running in the back. My McAfee on access scan informed me that C:\WINDOWS\SYSTEM32\ETUWGB.DLL was unable to delete & the kind of virus is Generic.dx.

I tried running NOD32 & Malware Bytes & it finds Vundo virus & says deleted but when I turn on the computer next time same thing boots up with the system.

Please find below my Hijack log report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:27 PM, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\pnpdrvrs\audio\e6400hdaudiobus\stacsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Netsupport manager\Client32.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\McAfe...

Dear All
Since a few days, McAfee reports a trojan alert every time I start my notebook.
McAfee tells me that the name of the Trojan is Generic PWS.y.
The toxic file goes by the name KBDQHAD.DLL and is located under the following path: C:\Windows\System32
According to the McAfee Security Center, Generic PWS.y represents a low threat and should be easily removed with the current software (http://home.mcafeecom/VirusInfo/VirusProfile.aspx?key=141747#none ). I followed the instructions and deleted the Virus with my McAfee software. However, despite the latest updates and McAfee telling me that the Virus is successfully deleted, McAfee apparently is unable to permanently remove the Virus as every time I start the notebook it reappears (and gets detected and arrested by McAfee). I tried this various times. I wonder why this is the case as the Virus seems to be relatively old...
Anyway, as a consequence, I installed the HijackThis software which provides the following Logfile.
I should be extremely grateful if someone could help me on this.
Many thanks in advance
Best
Zores
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:39:38, on 20.04.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\starter4g.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\Synaptics\SynTP...

McAfee finds and says it removes the Trojan Generic.dx!gec each time I restart my computer. However it seems to keep coming back as McAfee has to remove this trojan every time I reboot.
I have to reboot every few minutes, as after working on the internet for a few minutes I get the message Internet explorer is unable to display the web page and I can no longer connect to the internet. I presume this is all part of whatever the trojan does.
I have an Acer Intel Celeron computer running Microsoft Windows XP, Home Edition, Version 2002 with service pack 3.
When I run the XP diagnostics (after IE explorer won't connect) I get an error message which says that there is a winsock error, and I can run a process which resets the winsock catalog back to the default settings. I do this and then restart my computer as instructed.
Then a few minutes later everything has to be done again if I want to use the internet...
Any help you can give will be greatly appreciated!!
Below is the diagnostic file I get from running the XP diagnostics

Last diagnostic run time: 10/30/09 09:35:01
WinSock Diagnostic
WinSock status
info
All base service provider entries are present in the Winsock catalog.
info
The Winsock Service provider chains are valid.
error
Provider entry MSAFD Tcpip [TCP/IP] could not perform simple loopback communication. Error 10055.
info
Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info
Provider entry RSVP UDP Service Provider passed th...

I've contacted McAfee support, and they said I'll have to do the FEE BASED support to remove the virus. Initially, a few weeks ago, when I would search on the internet, I would be redirected to another site, but could click on the back arrow, and it would usually take me to where I wanted to go. Last night, a pop up with McAfee stated it blocked the generic artemis virus and then I got booted off the internet. I can't search at all without that happening, in fact I can't search at all, or paste addresses in the tool bar...I get booted off!

I ran a full scan, and nothing was found with my McAfee. Also, it says I'm protected in their start up screen..I'm running Windows XP Home Edition. HELP!!!!

Is going through McAfee support the only answer?

A:Generic Artemis Virus - McAfee doesn't detect

Hi,

We can try some things else first.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner scre...


Computer's been acting a bit strange, and running HJT, I noticed weird entries I'd never seen before in scans. A McAfee scan found Generic.dx!sww. I discovered that my problems loading webpages stopped when I killed a suspicious process called comsrvr.exe. Other problems I've had have been with getting programs to open/save files, and most recently, brief hangups.

Unfortunately I can't offer any more information than that (beyond the logs,) as I am not sure what it exactly all is. I don't use P2P programs and rarely go to non-trusted sites, but I guess one wrong move and it's easy to manage...

Anyway, thanks to whoever can help me out with this.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tiffany at 4:50:04.70 on 06/17/2010 Thu
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1022.365 [GMT 9:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\...

A:McAfee found Generic.dx!sww, other infections suspected (comsrvr.exe)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I am running Win xp pro, service pack 3 on Dell laptop. Recently McAfee Security Center has detected a Generic Pup.z infection that it can not clean. The associated file that McAfee identifies as infected is: C:\DOCUMENTS AND SETTINGS\SANTA/MY DOCUMENTS\SOFTWARE INSTALLERS\MICROSOFT\WINDOWS MEDIA CODEC PACK SETUP.EXE. I easily deleted this file, but I don't think that solved my problem. I appreciate any assistance you can give me and I thank you in advance.

As requested, here are my Attach and DDS log files:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2007 10:57:11 AM
System Uptime: 4/16/2009 9:10:13 AM (0 hours ago)

Motherboard: Dell Inc. | | 0KX350
Processor: Intel® Core™2 CPU T5600 @ 1.83GHz | Microprocessor | 1828/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 32.423 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP101: 1/16/2009 4:10:28 PM - Software Distribution Service 3.0
RP102: 1/19/2009 3:05:11 PM - System Checkpoint
RP103: 1/21/2009 12:08:11 PM - System Checkpoint
RP104: 1/30/2009 12:20:38 AM - System Checkpoint
RP105: 2/14/2009 6:28:21 PM - Software Distribution Service 3.0
RP106: 2/18/2009 7:28:55 AM - System Checkpoint
RP10...

A:Generic Pup.z infection that McAfee Can't Clean, Assistance very much Appreciated

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


I have been reading the thread to another post where [Chemical] was working with the gentleman who used the Virus Total program and determined that he may have a backdoor Trojan. I think I may have the same thing have happened to me and coincidentally I had Capital One Credit catch someone who had stolen my SSN, DOB, & Mother's Maiden Name as well as my user ID & password. They had tried to change my address on June 5 and were blocked by Capital One. I have since notified the three credit agencies and changed all of my login information for all financial institutions from this same computer.

I purchased this laptop in Mid May and did not put McAfee on it until a few days into usage. I also have Ad Aware (free version) which I have run. I have lately been getting uncontrollable pop ups whenever I open a new window. There is a scrolling message just above my taskbar that reads PremuimInternetAdvice. I actually found a program installed in my programs list and removed it, but it keeps coming back.

I have used Tech Support Forum in the past and decided today to go there when I found the message thread I referred to. I did perform a boot in Safe Mode then ran a full scan with McAfee. While it found 5 Trojans, it could only remove 3 of them. I have attached screen shots of those 5 as well as the Attach.zip and pasted the contents of my DDs.txt below. I really hope that I don't have some pro watching every keystroke I make right now. Can you help?

Scott Personal In...

A:[SOLVED] 2 of 5 Trojan Viruses Not Removed by McAfee

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.


========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malwar...


Dear Sirs and Madams,

I was recently given a brand new Acer Aspire E11 to update and install MS Office and other softwares in it but I decided to update McAfee first and run its full scan because every time I plugged in my usb stick, everything in it just turned into shortcuts...sounds familiar heh!

I spent the last Thursday through Friday just to fully update McAfee; (snail internet) successfully run its full scan and removed the 8 detections but after reboot, till now, a cmd startup will always appear with the following error (white X inside a RED circle) message: "Windows cannot find 'C:\Users\Windows\AppData\Roaming\aiasfacoiaksf.vbs'. Make sure you typed the name correctly, and then try again."

I am lost here as I do not know what to do about it or how to stop this from showing up at every boot.

Thanks much in advance and God bless,

z.

A:cmd startup in Win 8 after McAfee removed 1 virus + 7 malwares

web search indicates this is a 'backdoor trojan'

How to Clean Aiasfacoiaksf.vbs?(Uninstall Guide) | Browser Hijacker.Trojan.Adware.Malware.Removal Guides.

see the section on 'manual removal'

also see:
http://www.quora.com/How-do-I-remove...from-my-system


Late last night my son's XP SP3 laptop started crashing with blue screens
Examination of the AVG 7.5 Virus Vault in Safe Mode revealed an absolute mess
with variants of Trojan Horse.Generic.12 being the most common. At the time
I can't say I noticed Virtumonde or not at that time.

While in Safe Mode with Networking browsing to any "security" site was hijacked,
so I transferred necessary programs from a working pc on a usb key.
These are the programs I have run to (1) stop the crashing and (2) stop the browser hijacking.

CCcleaner
Malwarebytes Anti-Malware
SDfix
ESET online scan
Vundofix
VirtumundoBegone

Subsequent AVG and ESET scan "appear" to show things are back to normal.

I ran both Spybot 1.52 then 1.6 and Virtumonde continues to show up making me nervous that
though there is no crashing or browser hijacking.
In my haste to fix this machine I have already run Combofix "before" asking for help.

After doing so I reran SpyBot 1.6 and it didn't find anything.

I'm at the point now where I need your advice on how to proceed.

A:Trojan Generic 12/Virtumonde - not sure if completely removed?

Hi Virtual Canada,

Since you've already run Combofix, it would help if you'd post your Combofix log without running it again. If you rerun it, the new log will overwrite the old one. Then get a copy of HijackThis according to the instructions in This Topic. Post both of these in the HijackThis and Malware Forum. It may also be necessary to run a scan that will pick up recently installed files in your win32 folder, but someone in malware removal will tell you if they need further scans.

Zllio


Edit: Just added Kaspersky report, and it identified the trojan as Backdoor.Win32.Delf.hoq, Trojan Horse

A trojan is pegging my CPU at 100% by spawning processes in infinite loop.

Hi I'm running MS Windows XP SP3. My computer becomes unresponsive when I log into an administrative account. If I check the task manager, several runaway processes appear taking up CPU cycles. These processes are several instances of both "notepad.exe" and "svschosts.exe". I also get error messages from vsjitdebugger.exe complaining about notepad.exe. I've done some research on the net, and I've found one web page describing the trojan:

http://www.threatexpert.com/report.aspx?ui...b3-228c914699be

The link above says that %AppData%\Key Folder\gp2007.dll is masquerading as "notepad.exe". So basically, my task manager looks like the following:

notepad.exe
notepad.exe
svcshosts.exe
notepad.exe
svcshosts.exe
svcshosts.exe
svcshosts.exe
notepad.exe
notepad.exe
vsjitdebugger.exe
notepad.exe
svcshosts.exe
notepad.exe
vsjitdebugger.exe
vsjitdebugger.exe
svcshosts.exe
notepad.exe
notepad.exe
vsjitdebugger.exe
notepad.exe

... and this list continues to grow as time passes until my computer becomes unresponsive. The only way I was able to run DSS was to run "taskkill" multiple times on notepad.exe.

Can anybody help? It sounds pretty malicious to me. So I've kept my computer disconnected from the Internet for the most part (I'm posting this from a laptop), but I did am current...

A:Infostealer [symantec], Generic.dx [mcafee], Tspy_qqrobber.aa [trend Micro]

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
