
Antivirus Soft/Trojanhorse Svchosts/Combofix.exe(Trojan Horse)/a0442396.exe(Trojan Horse)

Q: Antivirus Soft/Trojanhorse Svchosts/Combofix.exe(Trojan Horse)/a0442396.exe(Trojan Horse)

Version of Windows: Microsoft Windows XP Media Center Edition 2002 Service Pack 3

Errors on Start-up:
1. "LSASS.EXE memory allocation error cannot load command system halted."

Errors on Shutdown I have to "End Now":
"explorer.exe, Connections Tray, Net Broadcast Event Window.2.0.0.378734, & MCI command handling window"

- My PC locks up when running the GMER scan & I have to shut down by powering the PC off.
- I have had AntiVirus Soft multiple times even after removing it w/ Spybot Search & Destroy, Ad-Aware, Zone Alarm (uninstalled), Norton (current AV). It seems to reactivate the virus when I visit myspace.com apps. A Java box comes on & all of a sudden AntiVirusSoft is back in the start up & active. I reboot into safe mode, take it out of start up, reboot normally & do a Spybot scan which seems to remove it.. But it keeps coming back like a cheesy horror movie character.
- Have found "Trojan Horse svchosts" in start up programs. I turned it off & deleted it. Scans didn't pick up the virus??
- When I reboot my PC my internet is being blocked for around 15-20 mins. The FW is off until the net gets unblocked by ??.
- Games such as Resident Evil 5, Fallout 3, BF2 etc. have been locking up & crashing since I got that lsass.exe error on start up. They are unplayable now.
- Got that lsass.exe error a week ago after turning off start-up programs in MSConfig. Turned them all back on but the error still stays. MSConfig starts up automatically after a blue screen crash a week ago. I was playing a game @ the time & it locked up. I had to power down the PC to shut it off. At start up it did a check-disk scan & said the volume was dirty. After the check-disk scan MSConfig has stayed in start up. I think I turned on a bunch of start up programs I don't need any more..
- Norton has detected & quarantined Combofix.exe (Trojan Horse) 1 time & a0442396.exe (Trojan Horse) twice.
- I reinstalled my sound card driver a few days ago after Resident Evil 5 had no sound when characters spoke.
It fixed the sound in game but now getting this error while trying to open Creative Volume control. Bad Install? "the audio device supported by this application is not detected. the application will exit"
- Re-installed .NET Framework, restored my PC, Reinstalled graphics driver, direct X, ran scans mentioned above, etc. I have no clue how to fix or what scans to run. Help xD

DDS (Ver_10-03-17.01) - NTFSx86 Run by Jon at 23:49:18.95 on Thu 04/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1413 [GMT -4:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}


A: Antivirus Soft/Trojanhorse Svchosts/Combofix.exe(Trojan Horse)/a0442396.exe(Trojan Horse)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror - This version will download a randomly named file (Recommended)
Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.


I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple of notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know, the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't (that is, until you scanned with their program and it would take control of your computer at the worst of times). The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried. Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou... Read more

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more


Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more


I've been having a major problem over the past few days with a virus called svchosts.exe. It appears to be some kind of virus or trojan horse that runs at startup through the Personalized Settings. I'm not sure what exactly it's doing, since my computer has not shown a lot of ill effects, but I have noticed some slowdown and occasional shutdowns which could be to do with this.

The file is supposedly located at this location-

C:/WINDOWS/WINBOOTERR/SVCHOSTS.EXE

I've looked for this directory and it isn't there, even when showing hidden files and folders.

I have tried everything to remove this virus. I did a virus scan with AVG, it detected the virus and moved it to the Virus Vault, but it's still running at startup. I tried using Spybot Search and Destroy which also picked it up, I removed it, but it's still running. I also tried removing all instances of the file from the registry with regedit, but it is still there.

Can anyone give me any advice to try and get rid of this very persistent virus, before it does any serious damage. If it's any help I'm on Windows XP Service Pack 3.

Here is my HijackThis log-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:23, on 03/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\... Read more

A:Virus/Trojan Horse problem- svchosts.exe

Bump. I also wanted to mention that I've tried removing this virus with Windows Security Essentials as well, but despite removing the virus it came back at startup again.
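The poster's scanners report removing svchosts.exe, yet the startup entry survives and the WINBOOTERR folder is nowhere to be seen. On a machine like that the useful first step is to list every launch point and look for the same three signs this thread shows: a launch entry whose file is missing on disk, a file living outside the Windows and Program Files trees, and a name one character away from a core system process (svchosts.exe beside svchost.exe). The script below is an added example and is not part of this thread or of HijackThis, AVG or Spybot; it assumes PowerShell 2.0 or later run from an elevated prompt, and the list of core process names and the flag labels are this example's own choices, so treat the output as triage hints, not verdicts.

```powershell
# Added example, not from the thread or from any tool named in it: list the
# common Windows autostart launch points and flag entries that match the
# svchosts.exe pattern (file missing on disk, odd location, or a name one
# edit away from a core system process). Assumes PowerShell 2.0 or later in
# an elevated prompt; the core-name list and flag labels are my own choices.

$coreNames   = @('smss', 'csrss', 'winlogon', 'services', 'lsass', 'svchost',
                 'spoolsv', 'explorer', 'wininit', 'taskhost')
$trustedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
               Where-Object { $_ }
$systemDirs  = @($env:SystemRoot, "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# Levenshtein distance, so "svchosts" against "svchost" scores 1.
function Get-EditDistance([string]$a, [string]$b) {
    $a = $a.ToLowerInvariant(); $b = $b.ToLowerInvariant()
    $prev = @(0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = New-Object int[] ($b.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1),
                                   $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

# Pull the image out of a command line: a quoted path, or everything up to the
# first .exe/.sys/.dll, or the first token. Relative names are tried under the
# Windows and System32 directories, which is where the loader would look.
function Get-ImagePath([string]$cmd) {
    if (-not $cmd) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    $cmd = $cmd -replace '^\\\?\?\\', ''
    $cmd = $cmd -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($cmd.StartsWith('"')) {
        $end  = $cmd.IndexOf('"', 1)
        $path = if ($end -gt 0) { $cmd.Substring(1, $end - 1) } else { $cmd.Trim('"') }
    } else {
        $m    = [regex]::Match($cmd, '^(.+?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        $path = if ($m.Success) { $m.Groups[1].Value } else { ($cmd -split '\s+')[0] }
    }
    if ($path -match '^[A-Za-z]:\\') { return $path }
    foreach ($d in $env:SystemRoot, "$env:SystemRoot\System32") {
        $candidate = Join-Path $d $path
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return (Join-Path $env:SystemRoot $path)
}

# Run/RunOnce keys, the Winlogon Shell and Userinit values (a payload appended
# there runs beside explorer.exe), and every service or driver ImagePath.
function Get-AutostartEntries {
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $v = $item.GetValue($name)
            if ($v -is [string]) { New-Object PSObject -Property @{ Source = "$key\$name"; Command = $v } }
        }
    }
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($v in 'Shell', 'Userinit') {
        foreach ($part in ([string]($wl.$v)) -split ',') {
            if ($part.Trim()) { New-Object PSObject -Property @{ Source = "Winlogon\$v"; Command = $part.Trim() } }
        }
    }
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $img = $svc.GetValue('ImagePath')
        if ($img -is [string]) { New-Object PSObject -Property @{ Source = "Service\$($svc.PSChildName)"; Command = $img } }
    }
}

function Test-AutostartEntry($entry) {
    $image = Get-ImagePath $entry.Command
    if (-not $image) { return $null }
    $base  = [IO.Path]::GetFileNameWithoutExtension($image)
    $dir   = Split-Path -Path $image -Parent
    $flags = @()
    if (-not (Test-Path -LiteralPath $image)) { $flags += 'missing-on-disk' }
    $inTrusted = $false
    foreach ($t in $trustedDirs) {
        if ($image.StartsWith($t, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
    }
    if (-not $inTrusted) { $flags += 'outside-windows-and-program-files' }
    foreach ($n in $coreNames) {
        $dist = Get-EditDistance $base $n
        if ($dist -eq 1) { $flags += "lookalike-of-$n.exe" }
        if ($dist -eq 0) {
            $inSystemDir = $false
            foreach ($s in $systemDirs) { if ($dir -ieq $s) { $inSystemDir = $true } }
            if (-not $inSystemDir) { $flags += "$n.exe-outside-system-directory" }
        }
    }
    New-Object PSObject -Property @{ Source = $entry.Source; Image = $image; Flags = ($flags -join ',') }
}

$findings = Get-AutostartEntries | ForEach-Object { Test-AutostartEntry $_ } |
            Where-Object { $_ -and $_.Flags }
$findings | Format-Table -AutoSize Source, Flags, Image
```

An entry such as the thread's C:\WINDOWS\WINBOOTERR\SVCHOSTS.EXE would come out flagged both lookalike-of-svchost.exe and, since the folder does not exist, missing-on-disk. The Source column tells you which key to clear; the thread's own advice still stands that the file and the launch point have to go in the same pass, or whichever one is left behind restores the other at the next boot.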
 


Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bells that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall. I have scanned with AVG, installed and ran Ad-Aware, Spybot S&D, BitDefender, McAfee Stinger, updated the OS and installed HijackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.


Please help!!

My computer is infected with Trojan Horses. There are 3 of them, Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are always in the Temporary Internet Files directory and the windows\system32 directory.

I have AVG, Spybot, Ad-Aware, ewido antispyware and Windows Defender installed on my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use them.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.... Read more

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS


Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *E... Read more

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please
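The alert above names one system binary AVG will not touch and two Desktop.ini files under the GAC folders. A Desktop.ini is a small plain-text file, so a file by that name whose first two bytes are the PE header "MZ" is an executable wearing that name; for services.exe the questions are whether its Authenticode status holds and what its hash is, so it can be compared with a known-good copy from the same service pack or submitted to a multi-engine scanner. The script below is an added example, not part of this thread and not AVG's or DDS's code; it checks exactly the three paths from the alert and assumes Windows 7 with PowerShell 2.0 or later from an elevated prompt. The status labels are this example's own. One caveat a practitioner needs: core Windows binaries are catalog-signed rather than carrying an embedded signature, and older PowerShell versions report such files as NotSigned, so that status alone is not proof of patching; confirm with Sysinternals sigcheck, which does consult the catalogs.

```powershell
# Added example, not from the thread: triage the three paths AVG reported.
# Reads the first two bytes of each file (a Desktop.ini that starts with the
# PE "MZ" header is not what its name claims), records size and SHA-256 for
# comparison or submission, and reports Authenticode status. Assumes Windows 7
# with PowerShell 2.0 or later, run elevated. Status labels are my own.
# Caveat: catalog-signed Windows binaries show NotSigned on older PowerShell;
# confirm with Sysinternals sigcheck before calling a system file patched.

$paths = @(
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\assembly\GAC_32\Desktop.ini",
    "$env:SystemRoot\assembly\GAC_64\Desktop.ini"
)

function Get-Sha256([string]$path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [IO.File]::OpenRead($path)
    try { $bytes = $sha.ComputeHash($fs) } finally { $fs.Close() }
    return ([BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-FileVerdict([string]$path) {
    if (-not (Test-Path -LiteralPath $path)) {
        return New-Object PSObject -Property @{ Path = $path; Status = 'absent'; Size = 0; Sha256 = ''; Signature = '' }
    }
    # -Force so hidden/system attributes (normal for Desktop.ini) do not hide the file
    $fi = Get-Item -LiteralPath $path -Force
    $fs = [IO.File]::OpenRead($path)
    try { $b = New-Object byte[] 2; [void]$fs.Read($b, 0, 2) } finally { $fs.Close() }
    $isPE = ($b[0] -eq 0x4D -and $b[1] -eq 0x5A)   # "MZ"
    $status = 'not-PE'
    if ($isPE) { $status = 'PE' }
    if ($fi.Extension -ieq '.ini') { $status = if ($isPE) { 'PE-disguised-as-ini' } else { 'plain-text' } }
    $sig = (Get-AuthenticodeSignature -FilePath $path).Status
    New-Object PSObject -Property @{
        Path = $path; Status = $status; Size = $fi.Length
        Sha256 = (Get-Sha256 $path); Signature = [string]$sig
    }
}

$paths | ForEach-Object { Get-FileVerdict $_ } | Format-List Path, Status, Size, Signature, Sha256
```

A PE-disguised-as-ini result on either GAC path is conclusive on its own; a NotSigned services.exe is only a lead until sigcheck confirms it, and the SHA-256 is what you hand to whoever is comparing against a clean Windows 7 installation of the same build.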


I think my computer is infected. I ran AVG 8.0 free scan and it found the two trojans mentioned in the title. I deleted them. My computer is slow and acting strangely so I installed HijackThis and ran it. Can you take a look and see if it is and what can I do next? I want to thank you for your time and efforts and tell you I appreciate it ahead of time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:47 AM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Max Registry Cle... Read more

A:trojan horse downloader zlob.AGAL and trojan horse fake alert.CJ


I have probably been infected by Trojan horse Dialer for over a month so I cannot remember exactly how I got infected, but I think it is because I was using IE; now I have permanently switched to Firefox. I have scanned my computer with Spybot Search and Destroy, Ad-Aware, AVG antivirus, and Vundo both in normal and safe mode. It seems as though I have gotten rid of Trojan horse Dialer with the Vundo tool but then I became infected with Trojan horse Lop.AS. Every time I scan my computer with an antivirus tool the viruses and trojans usually show up in the internet cache or Temporary Internet Files. That is probably why I cannot remove these viruses permanently. I regularly get those popups from AVG saying that they have detected the threat of Trojan horse Lop.AS. I am running Windows XP with SP2. The security tools that I run are the TeaTimer of Spybot, AVG real-time antivirus, and ZoneAlarm firewall. Now that I think I have gotten rid of Trojan horse Dialer.COH my computer seems to be running at the previous speed before becoming infected. However, I still want to get rid of the Trojan horse Lop.AS since the popup notice from AVG is so annoying. In conclusion, I have come to BC for a permanent solution.

A:I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses

http://www.bleepingcomputer.com/securityblog/2006/10/

Unfortunately, though, this October when the latest batch of renewals and new awardees were admitted we found a new MVP who leaves a bad taste in our mouths. This awardee is Cyril Paciullo, otherwise known as Patchou, and is well known as the creator of Messenger Plus. As a program, Messenger Plus actually has some slick features, but our problem is that this program also comes with a known adware and Trojan called LOP. What is funny is when Microsoft Security MVP Derek Knight scanned the main executable for Messenger Plus, at the free scanning site VirusTotal, Microsoft was the only vendor that stated that the installer was a threat.

Uninstall instructions in link below:
http://www.bigblueball.com/forums/msn-mess...senger-6-a.html


My son's Windows 7 computer has two trojan horse infections that were detected by AVG, but AVG was unable to quarantine or remove them (screenshots attached: Trojan 1.PNG and Trojan 2.PNG). He has known about the infection for some time, but has continued to use the computer. I first became aware of the situation when he asked for help when, on boot up, he got a message "missing operating system." We were able to boot from the recovery disk, but now the infection remains and the system runs extremely slowly. We were able to download and run DDS; however, it does not create the dds.txt file, but only the attach.txt file. We ran it several times, and sometimes it creates the attach.txt file (version attached called Attach2.txt) and a couple of times it created a version which includes restore points (version attached called Attach3.txt).
 
Internet connection on the computer has been intermittent. It was connected earlier this morning, long enough to download and run DDS and email the attach.txt files to me (I'm doing this post from my uninfected computer). Right now the infected computer is "not connected - no connection available." It should connect to the same wireless network in our home that my uninfected computer is connected to.  ****UPDATE**** The internet connecti... Read more

A:Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

Here are some more files that might help you. They are AVG Resident Shield results (screenshot attached: AVG Resident Shield results 1.png). There are three more screen shots to this report, but it won't let me upload any more.


I went away for a couple days, came back and found these. AVG can't remove them, says they're whitelisted. Symptom is, every time I try to google the file names I get redirected, and I keep getting a windows security asking if I want to unblock stuff.Thanks, Tom

A:"Trojan horse generic22.BEWG" and "Trojan horse BackDoor.Generic13.BKVZ

Looks like you have a redirect infection. Have you tried running Malwarebytes yet?


Hi Techsuportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue screen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the Windows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system... Read more

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?


Computer infected. Below is as much info as I can provide to get your help.

System: Windows XP
security: AVG free

All of a sudden the computer started spewing legitimate-looking security warnings... but if you clicked on them they opened the page for Antispyware Soft. Then, nothing would work except Firefox. Below are bullet-point facts which I hope will help you to help me get this off the machine.

AVG issued "Resident Shield Alert" with following info:
Threat: Trojan horse Cryptic.ZE
File: C:\Documents and Settings\Lesley\Local Settings\Temporary Internet Files\Content.IE5\UF0C3S89\omni[1].gif

Rogue security warning says:
Infected by 186.133.32.88 port 16416
Attacked port 835
Threat Win32/Nuqel.E

cannot run scan with AVG
cannot open IE
cannot open Google Chrome
cannot install HijackThis
cannot install Norton free scan (which requires IE)
cannot install McAfee free scan (required to install due to Firefox as browser)
Malwarebytes installed to desktop but will not open and cannot run scan from right click option
cannot install Ad-Aware

Each time I try to do anything (except open Firefox and surf via Firefox), I get the following error message - which is tied to the rogue Antispyware Soft:
"Security Warning
Application cannot be executed. The file XXXX (insert all that I have tried to install here) is infected. Do you want to activate your antivirus software now?"

If you click on 'yes', the Antispyware Soft... Read more

A:Trojan horse Cryptic.ZE (Rogue: Antispyware Soft)

I also cannot run any programs on the computer like Works, MS Explorer,etc.

The Windows Security alert boxes are now popping every 5 seconds or so and I can't get them to stop.

And...periodic porn sites are popping up now.

Await help.


Hi all you wonderful people at Bleeping Computer!

I'm hoping you might be able to help me with a Trojan I have on my laptop. AVG is picking it up occasionally and always on startup, but it keeps coming back. I've followed the preparation guide and am pasting and attaching the data requested... except...! My machine has crashed a number of times during the GMER scan so I've had to give up on that one. Let me know if there is something else I should do so the scan can complete. Here is my DDS log and the other file is attached.

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 19:00:38.24 on 07/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.333 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Common Files\Logitec... Read more

A:Nasty Trojan "Trojan horse Generic16.CNLB"/ "Trojan horse BHO.MFW"

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more


I have been struggling with this for a couple of days now. Some kind of malware(?) that keeps warning me that I have a virus and need to buy their antivirus software. I have used Ad-Aware, SmitFraudFix, VundoFix, CCleaner, and Ewido which seemed to find and clear a bunch of stuff. I thought I had got rid of it, but it keeps coming back. I seem to have gotten rid of some of it though as I'm not getting the "warning" messages all the time. My AVG keeps telling me I have a trojan (Trojan horse Dropper Agent.BTI and Trojan horse Pakes.U) but can't seem to fix it. I have no idea what to do!! Please help!

A:malware Trojan horse Pakes.U/Trojan horse Dropper Agent.BTI

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\ewido.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Di... Read more


Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I, or the laptop, run scans often)? The first Trojan has been there since March 6, 2008 and the second trojan since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~... Read more

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


OK. We need to download ComboFix.exe. This will give me a better view of the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
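The reply above spots the culprit from a single HijackThis O2 line: a Browser Helper Object loading C:\WINDOWS\IECodecPlg.dll. The script below is an added example, not part of this thread and not HijackThis or ComboFix code, that produces the same information straight from the registry. It walks the registered BHO CLSIDs, resolves each to the DLL named in its InprocServer32 key, and flags a DLL that is missing, unsigned, outside the Windows and Program Files trees, or dropped directly into the Windows root (where this thread's offender sat, and not where legitimate add-ons normally live). It assumes PowerShell 2.0 or later; the flag labels are this example's own.

```powershell
# Added example, not from the thread: enumerate Browser Helper Objects the
# way a HijackThis "O2" line does, by resolving each registered CLSID to its
# InprocServer32 DLL, then flag DLLs that are missing, unsigned, outside the
# Windows/Program Files trees, or sitting directly in the Windows root.
# Assumes PowerShell 2.0 or later. Flag labels are my own.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots  = @('Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')
$trustedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-BhoEntries {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $clsid = $sub.PSChildName
            $dll = $null; $name = ''
            # The BHO key only holds the CLSID; the DLL path lives under HKCR\CLSID\{...}\InprocServer32
            foreach ($root in $clsidRoots) {
                $clsKey = "$root\$clsid"
                if (Test-Path "$clsKey\InprocServer32") {
                    $dll  = [string](Get-ItemProperty "$clsKey\InprocServer32").'(default)'
                    $name = [string](Get-ItemProperty $clsKey).'(default)'
                    break
                }
            }
            $flags = @()
            if (-not $dll) {
                $flags += 'no-inprocserver32'
            } else {
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                if (-not (Test-Path -LiteralPath $dll)) {
                    $flags += 'dll-missing'
                } else {
                    $inTrusted = $false
                    foreach ($t in $trustedDirs) {
                        if ($dll.StartsWith($t, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
                    }
                    if (-not $inTrusted) { $flags += 'outside-windows-and-program-files' }
                    if ((Split-Path -Path $dll -Parent) -ieq $env:SystemRoot) { $flags += 'directly-in-windows-root' }
                    $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
                    if ($sig -ne 'Valid') { $flags += "signature-$sig" }
                }
            }
            New-Object PSObject -Property @{ CLSID = $clsid; Name = $name; Dll = $dll; Flags = ($flags -join ',') }
        }
    }
}

Get-BhoEntries | Format-Table -AutoSize CLSID, Name, Flags, Dll
```

Run against the machine in this thread it would list {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} with C:\WINDOWS\IECodecPlg.dll flagged directly-in-windows-root and, unless the DLL happens to carry a valid signature, signature-NotSigned. Entries with an empty Flags column are the normal case: vendor add-ons under Program Files with a valid signature.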


Hi, thanks for taking a look. AVG says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH. I have no idea how dangerous these are; I think they have been on my laptop for a week or so.
How do I remove them?
Many Thanks
MrP
 

A:AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH

bump
 


Both of these trojans were found through AVG. First, Backdoor.Generic11.BBDE a couple of weeks ago, now Crypt.HOS. All moved to Virus Vault except for file c:\windows\system32\drivers\asyncmac.sys; AVG states the object is white-listed (critical system file not to be removed). I Googled to research these and it's made me worried/paranoid about all the banking and bill paying I do online. One site said to change all passwords via another computer. Should I? I've gone through my Add/Remove Programs and do not see anything unusual installed.

I have a Dell Desktop Dimension 2400 40GB hard drive, 1 GB RAM, Windows XP Pro Version 2002 SP3, Intel Pentium 4 2.66 GHz.

I installed, uninstalled, and reinstalled three times Malwarebytes Anti-malware and keep getting "Error 703, 0, 13".

My Hijack This log follows. Any help and advice is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:01 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.... Read more


My AVG and Avast have picked up these trojans: Trojan horse BHO.EIZ, Trojan horse Vundo.t and Win32/Heur. I have tried the Panda site but it wouldn't scan for me, so then I came to this site to see if someone could help me. I have followed all the steps on the preparation page. When I did step 5 it didn't find anything and wouldn't let me copy a log to paste to you.

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by AuSSie` on 2008-06-15 07:48:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
11: 2008-06-14 16:17:42 UTC - RP145 - Windows Update
10: 2008-06-14 09:57:20 UTC - RP144 - Windows Update
9: 2008-06-14 09:43:37 UTC - RP143 - Restore Operation
8: 2008-06-14 09:31:30 UTC - RP142 - Restore Operation
7: 2008-06-14 06:26:17 UTC - RP141 - Windows Update

-- First Restore Point --
1: 2008-06-10 06:01:26 UTC - RP134 - Scheduled Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as AuSSie`.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:34 AM, on 15/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL&#... Read more

A:Infected With Trojan Horse Bho.eiz Trojan Horse Vundo.t Win32/heur

Hi

First ... you should NOT be running 2 anti-virus programs, they will conflict ... choose between AVG8 & Avast ... keep one & uninstall the other ...

Second ... with the malware showing in your log, I find it hard to believe that the Kaspersky Online Scan found nothing if set to scan My Computer ... If it was not set to scan My Computer, please run it again...

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam

EDIT ... What are th... Read more


HELLO, this is my first time posting at your site, but I have followed your responses to others while researching software and problems on the Google search page. Your answers and instructions have been of great use and help to me.

Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my AVG Anti-Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad-Aware and it found several items, mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda ActiveScan and it found more infections. I have included the report with my HiJack log. I had a problem running a Panda scan until I noticed a registry cleaner was blocking me from loading the ActiveX program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:23 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\... Read more

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

******************

We are going to dig deeper, and that will require us to run some additional scans. You will need to use Internet Explorer for this scan. D... Read more


I have 2 trojans, Trojan horse Generic5.GUH and Trojan horse BackDoor.Agent.IQL, which I would like to remove. I have an external hard drive. I could not run the online scans except Stinger; HouseCall made a loud bleeping noise? The laptop is used for sensitive stuff, banking etc. I will change passwords on another machine. Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:43 PM, on 24/07/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\eh... Read more

A:Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Hi mrpugowski,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.


Trojan horse SHeur2.BEKQ infecting bogogife.dll and Trojan Horse Generic14.AXEW infecting logon.exe

I was minding my own business on the net and the Resident Shield alert pops up telling me I have infections... I clicked to try to delete them and it said it wasn't recommended. So here I am again... I seem to get infections a lot and don't know what I'm doing wrong. Please help.

Here are the documents requested:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Twiss at 17:53:58.56 on 17/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1261 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\New Java\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOW... Read more

A:Trojan Horse SHeur2.BEKQ & Trojan horse Generic14.AXEW

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Hi there.

My computer has slowed down to a crawl. The only thing I have noticed is that I get a Norton virus alert every so often claiming that ComboFix has a trojan horse. Unable to repair, unable to access file.

Any chance of some help?

many thanks

Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:46, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Pr... Read more


Hi all
 
I appear to have picked up some viruses.
 
An AVG virus scanner keeps detecting the trojan horses as detailed in the subject field, however it is unable to remove the threat. There appear to be loads of unusually named folders in AppData/Roaming and I keep getting popups asking me to run a java.bs.
 
In addition there are numerous processes in task manager which are using CPU memory and slowing the system down hugely. These are svchost.exe and iexplore.exe.
 
Can anyone help please?
 
Many thanks!

A:Trojan Horse SHeur4.BSNO & Trojan Horse ScreenLocker_s.WI

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more


Hi, I've had this virus on my computer for about a week. It's mostly disabled my internet, and made most programs extremely slow or hard to use. I've tried running Malwarebytes, SuperAntiSpyware, AVG, etc. but haven't had any luck. The only thing that even detected it was AVG, which doesn't remove it.

I'm running a Toshiba Satellite A505 with Windows 7 on a 64 bit operating system(So I can't post GMER logs). Any help would be appreciated! Thanks.

This is my DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Ian at 19:52:24 on 2011-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2334 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\... Read more

A:Trojan Horse SHeur3.CFMY & Trojan horse agent3.CHE

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411630 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more


Hi, I've had issues with pop up ads every few minutes. I scanned my computer using AVG Anti-Virus and it found these trojans that were all moved to the virus vault:

Trojan horse Generic3_c.YIM
Trojan horse PSW.Generic7.BMRD
Trojan horse Dropper.Small.IAU
Trojan horse Generic16.AQOG
Trojan horse Generic16.AQOG
Trojan horse Generic16.AQOG

I'm still getting pop up ads, though. Below are my DDS log details (I also added my HiJackThis log) and I've attached the Attach.txt file per your Guidelines (http://www.bleepingcomputer.com/forums/topic34773.html). Any help you can offer will be great. Thanks!

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Elena at 14:38:42.91 on Tue 12/07/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2117 [GMT -8:00]

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C: ... Read more

A:Trojan horse Generic3_c.YIM, Trojan horse Generic16.AQOG

Do you still desire help?


Hello,

First, two thumbs up for the good work you guys do here!!

Second, MY PC has several related/non-related "issues".

-- Within the past month, I have eight instances of the Trojan Horse PSW.Generic.MYP in my AVG Vault (I attached a csv file) and 3 instances of Trojan Horse Generic 5.100 as well as one instance of Trojan Horse Agent DYC

---My PC takes 3 times as much time to start up as it used to (a few minutes in regular mode and 15+ in Safe Mode).

---I run AVG anti-spyware once every day. EVERY TIME I do, I get AT LEAST four THOUSAND traces and over 30+ objects. I attached a copy of a scan that was run 4 days ago just as a point of reference. (Scan-20070730.txt)

I recently (ironically one month ago) went through a nasty break-up with a very computer savvy ex girlfriend. Not that it is important, but it seems after looking up these particular Trojans, they all seem to be geared towards password theft. Please take a look at my logs below. Also if there is anything else you might suggest to prevent password theft in the future please let me know! THANKS

***************************************************
Logfile of HijackThis v1.99.1
Scan saved at 9:00:31 AM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svcho... Read more

A:Password stealing Trojan Horse?? Trojan Horse PSW.Generic.MYP

No responses....hmmm? Can someone please tell me (PM or in open forum) what I did wrong here? wrong forum, wrong format, or just plain wrong? lol I really would like to solve the issues I'm having related to malware/spyware etc

THANKS
 


The computer takes a long time to open up, sometimes the desktop items disappear but will reappear upon reboot, I often find it impossible to go from one part of a web site to another, and my Google popup blocker stopped working, and clearing the count didn't make a difference. Ran Spybot R&D, AVG, did a defrag, and a cleaner, ran CCleaner, CCleaner Register cleaner. All to no avail. Here's my HiJack results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:32 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink&... Read more

A:May Have Virus, Repeater Trojan Horse, Or Plain Trojan Horse

Doesn't anyone ever read this site?


Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

A:Infection of Trojan horse Generic15.AULT and Trojan horse BH0.JEW

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.


OK, I got some viruses/spyware messing around with my system; my AVG keeps finding these viruses:

trojan horse BHO.BDJ , .BDP, .BCD, .BBY
obfustat.plc
trojan horse downloader generic4.fhs

I have already scanned with AVG, AVG Spyware, Adaware.... I'm at a loss as to how to get rid of these things.

Here's my HijackThis log; any help would be appreciated.....

Logfile of HijackThis v1.99.1
Scan saved at 9:53:24 PM, on 9/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ok5wgwugp.exe
C:\Program Files\Microsoft ActiveSync\WCE... Read more

A:trojan horse bho, obfustat.plc, trojan horse downloader generic4.fhs


Hello all,

I have noticed my computer freezing and going to sites (www.abigaildiets.com), a fat loss site I didn't click. So I installed AVG 8.5 and PC Tools Spyware Doctor; they pick up most of the viruses but there were 3 viruses that just won't go away. It detects them, but every time I start up it picks them up again, as if they were never deleted.

The 3 infections are (as detected by AVG Anti-Virus every time I start up):

Virus Identified Packed.Noper
Trojan horse Generic14.ZYF
Trojan horse SpamBot.w

My HJT is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:31 AM, on 8/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d .exe
C:\DOCUME~1\WENTAO~1\LOCALS~1\Temp\d.exe
C:\WINDOWS\msd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Pr... Read more

A:Multiple Trojans and Virus that just Won't go Away(Virus Identified Packed.Noper--Trojan horse Generic14.ZYF--Trojan horse...

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report
Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the sc... Read more


My computer is Windows XP Service Pack 3.
I always use Firefox and never use Microsoft explorer.
My computer runs AVG 9.0.830 Free.

On 6/30/10 my computer detected Trojan horse Clicker.AJSF. This was followed immediately afterwards with the detection of Trojan horse Downloader.Agent2.YIZ. This was accompanied by the noise of clicking anywhere from every 10 seconds to every 2 minutes. This went away after a few runs of AVG. Occasionally the volume balance would lower itself to zero. The Trojan horse Clicker.AJSF was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\119889546
C:\Documents and Settings\corboybp\Application Data\Sun\Java\deployment\cache\6.0\4\3c0ae\784-3513414
the Trojan horse Downloader.Agent2.YIZ was located in the following places:
C:\Documents and Settings\corboybp\Local Settings\Temp\loader.exe
C:\Documents and Settings\corboybp\Local Settings\Temp\smss.exe

All was quiet until 7/7/10 when Trojan horse Downloader.Agent2.YIZ showed up again, however no symptoms were notable. It was located in the following places:
C:\System Volume Information\Microsoft\smss.exe
C:\System Volume Information\Microsoft\services.exe

Today the scan discovered Trojan horse Downloader.Agent2.YIZ located in the following locations:
C:\System Volume Information\Microsoft\smss.exe (1064)
C:\System Volume Information\Microsoft\smss.exe Result: object is inaccessible
C:\System Volume Information\Microsoft\servic... Read more

A:Trojan horse Clicker.AJSF "congratulations you won!" Trojan horse Downloader.Agent2.Y

Hi,

Please do the following:

Download Bootkit remover to your desktop
This is a rar file; if you do not have a program to open it then download and install Peazip.
Extract Remover.exe to your desktop
Double click Remover.exe to run it
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Now open a notepad and press Control+V
Post the resultant log here please



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and... Read more


Hi, Many years ago I got a big help with "HijackThis" from this forum and killed a bad virus in my computer at the time. So thank you guys. Now I come back with a similar problem except this time it appears to be a very stubborn Trojan horse named "Trojan horse Agent_r.ATS". Here is what I have done so far:

AVG reported the "Trojan horse Agent_r.ATS" but can't do anything about it because the infected file, C:\Windows\System32\drivers\cdrom.sys, is white-listed (critical/system file that should not be removed).

I learned that ComboFix might be able to kill it so I tried. However, it didn't work out as I hoped. It started ok and then after a while it did a reboot. However, no combofix.txt file was produced. After reboot, I logged in and the ComboFix window started dancing: flashing and moving around on the screen every second, and there is no way to stop it. It appears to have entered an infinite loop. Finally I had to log out of the account and boot into safe mode. In safe mode, I removed the Combofix directory and then booted into Windows. Now Windows works but when I did a scan with AVG again, the "Trojan horse Agent_r.ATS" is still there in C:\Windows\System32\drivers\cdrom.sys. Back to square one.

So I lost my battle for round 1 with ComboFix. Any suggestions?

A:ComboFix fighting Trojan horse Agent_r.ATS

Ok. Problem solved in round 2. I re-ran ComboFix and it worked. It killed Trojan horse Agent_r.ATS and a bunch of other bad stuff. I lost the CDROM for a while and then got it back by upgrading the driver firmware from Sony. Everything works fine now.

I am positively surprised by what ComboFix can do and it now has my full vote of confidence, despite its appearance.

A few tips that might help others:

-backup all important files before running ComboFix.
-It puts out messages in Chinese (or is it just me, or multilingual?)
-Leave it alone once started (no way to stop it either), or any click may cause problems.
-It worked with AVG installed but I had to "Ignore" the AVG functions since AVG doesn't fully exit.
-ComboFix does a very thorough job cleaning. Thanks!


This is my log report from combofix, I have not received any threat detections since but please help me! Is there any further action required?
ComboFix 12-07-27.03 - Sniff 07/28/2012 20:53:54.1.1 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.780 [GMT -4:00]
Running from: c:\users\Sniff\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sniff\AppData\Roaming\nfone.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\@
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\L\[email protected]
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\L\201d3dde
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\U\[email protected]
c:\windows\Installer\{f1d25ed1-aed9-2b1b-8510-f2a1ef0c03f9}\U\[email protected]
c:\windows&... Read more

A:Combofix Log report for Trojan horse Dropper.Generic_C.MMI

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462919 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more


This is my log file from completing the ComboFix process. Please help with the further removal of this trojan. Thanks.
ComboFix 10-09-04.06 - Kim 06/09/2010 13:06:08.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1014.348 [GMT -2.5:30]
Running from: E:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\chrome.manifest
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\chrome\content\_cfg.js
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\chrome\content\overlay.xul
c:\users\Kim\AppData\Local\{A692594C-5037-4F3E-945F-35A8464290DD}\install.rdf
c:\users\kim\appdata\local\temp\cbywvs.dll
c:\users\Kim\AppData\Local\Temp\wvvsss.dll
c:\users\Kim\AppData\Local\Windows Server
c:\users\Kim\AppData\Local\Windows Server\admin.txt
c:\users\Ki... Read more

A:Trojan horse dropper generic 2, log file from combofix.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more


hi,

i'm a recent lurker, first time poster on this site. let me just say that this site is amazing. successful, timely help for complicated computer issues. just great.

i'd appreciate your help with my laptop.

used this thread for information:

http://forums.techguy.org/malware-removal-hijackthis-logs/633685-solved-trojandownloader-xs.html

my laptop recently gave me a barrage of notifications that it has been infected with a trojan (trojandownloader.xs), and possibly other trojans and spyware.

i just know the basics of computers, and this is what i've done so far.

what i've done: downloaded 1) combofix, 2) hijackthis, 3) SDfix, and 4) ATFcleaner. got the reports for 1, 2, and 3. used 4 to clean all the passwords, cache and such.

what i don't know: i don't know how to interpret/use the reports.

i also downloaded 5) pocket killbox and 6) AVG AntiSpyware. however i don't know how to use them.

please let me know if i need any other tools. appreciate your help to figure out what i need to do.

thanks,
Adam

edit: also, please take a look at the logs, and let me know how bad the infection is.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

that is from the combofix log. what does that mean?

don't know if i should post all the logs in separate posts or a single post. sorry if i violated any posting procedure.
 

A:Help! trojan horse/spyware. HJT, combofix, SDfix logs


My antivirus says I have a trojan horse that it can't get rid of. Please review my logs. I think it has something to do with syswow64.
HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:03 PM, on 12/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0346.1\mswinext.exe
C:\Program Files (x86)\AVG\AVG8\avgui.exe
C:\hp\kbd\kbd.exe
Attach log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/20/2008 8:45:12 PM
System Uptime: 12/12/2009 11:12:37 AM (24 hours ago)
Motherboard: OEM_MB | | NARRA3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/200mhz
==== Disk Partitions =========================
C:... Read more

A:My antivirus says I have a Trojan Horse

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Greetings!

After working on trying to help my webmaster clean up a new site design, I went to hibernate my laptop to move into the bedroom. It hadn't finished by the time I made the short trek, so I left it on the bed. When I returned, it wouldn't power on, but when I plugged it into the power supply, it booted up fine with a message about plugging it in so I didn't lose any files - the message you get just before the battery dies. At the time, didn't see any issues. I chalked it up to user error on my part even though I'd clearly seen the window indicating the laptop was about to hibernate.

About an hour later of working, I went to hibernate the laptop again and discovered that it wouldn't let me do so. It displayed the 'about to hibernate' message and then came back with the desktop. At the time, I looked at the task manager and didn't see any programs I had running/open, so I tried hibernating from there. Same message. The laptop eventually let me shut down through the task manager. Doing so from the Start Menu only brought me back to the desktop after the initial 'hibernating' message.

The following day, I noticed that when I clicked any link in Google, it redirected me to various search engine sites and then some porn sites. I tried running a virus scan at that point and I couldn't bring up AVG. I disconnected from the internet (I have wireless; I just disabled the radio), pulled it up in safe mode and ran the AVG co... Read more

A:Trojan Horse 'generic', Trojan Horse 'Cryptic'

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


Hi all,

First of I'd like to say that it is very noble of you professionals who volunteer your otherwise precious time in helping out clueless people like me with their computer problems. I'll greatly appreciate any help I can get.

Well the situation is as such, recently I started my new job at a new workplace. And I believe the previous employee went to certain undesirable websites and was not aware of the implications to the computer terminal.

I installed an anti-virus programme (AVG), for safety purposes, and almost instantly it detected these trojan horses in the system.
Trojan horse Lop.4.k
Trojan horse BackDoor.Hupigon3.wyw
As my workplace is an off-site location, I do not have tech support. The computer is also unnaturally laggish in starting programmes. I have tried running AVG both in safe and normal mode but to no avail.

Also, I apologise for not being able to attach the Panda scan log but for some reason this terminal does not allow me to scan it via Panda scan.

Without further ado, here is the DSS log:


Deckard's System Scanner v20071014.68
Run by AdminNUS on 2008-06-10 11:39:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as AdminNUS.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:39 AM, on 10/06/2008
Platform: Windows XP SP2 (W... Read more


Hi, I would appreciate some help please removing these Trojans.
Logfile of HijackThis v1.99.1
Scan saved at 19:18, on 06-08-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\BuyPin Software\Advertising Killer\akiller.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\www\Apache2\bin\ApacheMonitor.exe
C:\www\Apache2\bin\Apache.exe
C:\Perl\bin\perl.exe
C:\Program File... Read more

A:Trojan Horse Dialer.28a Trojan Horse Pakes.u

By removing O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll in safe mode the problems seem to be resolved; would someone check the new log and confirm all is ok please.
Logfile of HijackThis v1.99.1
Scan saved at 06:52, on 06-08-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BuyPin Software\Advertising Killer\akiller.exe... Read more


Hi,
 
I've been handed a computer by my partner to look at that has a rather charming trojan horse hider.mpr on it.
 
Unfortunately it seems to have blocked me from accessing malwarebytes and avg that were installed on it. On closer look it has also blocked access to most websites.
 
Can anyone offer any guidance on where I should start to get rid of this, any support would be much appreciated.
 
Cheers
 
 

A:Dealing with a trojan horse "trojan horse hider.mpr"

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/502769 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more


I've been infected with the Trojan horse Agent_r.XJ and Trojan horse Generic22.LOZ viruses. I ran a scan with AVG. There were some viruses that could be removed but this is what was left over in inaccessible objects:

"C:\WINDOWS\system32\svchost.exe (1876):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\system32\svchost.exe (1876)";"Trojan horse Agent_r.XJ";""
"C:\WINDOWS\explorer.exe (1088):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\explorer.exe (1088)";"Trojan horse Agent_r.XJ";""
"C:\Program Files\Mozilla Firefox\firefox.exe (4800):\memory_001b0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Program Files\Mozilla Firefox\firefox.exe (4800)";"Trojan horse Agent_r.XJ";""
"C:\Documents and Settings\Connie\Application Data\2DBF29BD99DB6FC99391D58322FEDAD9\arg70techsdk.exe";"Trojan horse Generic22.LOZ";"Moved to Virus Vault"

After the SpyBot Search & Destroy scan listed below, AVG reports this:
"C:\WINDOWS\system32\wuauclt.exe (4472):\memory_001b0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\W... Read more
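The AVG lines above have a regular shape: `"object";"threat";"result"`, where the object is either a file path or a running process written as `path (pid):\memory_<hex>`. The following added example (not from the thread or from AVG) parses that format and separates detections found in a file on disk from detections seen only inside a process's memory, which is what the repeated "Object is inaccessible." results for svchost.exe, explorer.exe and firefox.exe indicate; the sample input is copied from the lines quoted in the post.

```python
"""Triage helper for AVG-style scan result lines.

Added example, not from the thread or from AVG: parses the semicolon-separated,
double-quoted lines "object";"threat";"result" and tells hits on files on disk
apart from hits inside the memory of a running process ("path (pid):\\memory_<hex>").
"""
import csv
import io
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Object field layout: a path, optionally " (pid)", optionally ":\memory_<hex>".
_OBJECT_RE = re.compile(
    r"^(?P<path>.+?)"
    r"(?: \((?P<pid>\d+)\))?"
    r"(?::\\memory_(?P<addr>[0-9a-fA-F]+))?$"
)

# Sample input, copied from the AVG lines quoted in the post above.
SAMPLE_LINES = r'''"C:\WINDOWS\system32\svchost.exe (1876):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\WINDOWS\system32\svchost.exe (1876)";"Trojan horse Agent_r.XJ";""
"C:\WINDOWS\explorer.exe (1088):\memory_001a0000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Program Files\Mozilla Firefox\firefox.exe (4800)";"Trojan horse Agent_r.XJ";""
"C:\Documents and Settings\Connie\Application Data\2DBF29BD99DB6FC99391D58322FEDAD9\arg70techsdk.exe";"Trojan horse Generic22.LOZ";"Moved to Virus Vault"
'''


@dataclass
class Detection:
    path: str                 # file scanned, or image of the process scanned
    pid: Optional[int]        # set when the hit was inside a running process
    mem_addr: Optional[str]   # hex start of the flagged memory region, if any
    threat: str               # scanner's name for the detection
    result: str               # what the scanner did ("", "Moved to Virus Vault", ...)

    @property
    def in_memory(self) -> bool:
        return self.pid is not None

    @property
    def unresolved(self) -> bool:
        # An empty result or "Object is inaccessible." means nothing was removed.
        return self.result.strip() in ("", "Object is inaccessible.")


def parse_avg_lines(text: str) -> List[Detection]:
    """Parse result lines; blank or truncated rows (such as the 'Read more' cut-off) are skipped."""
    found: List[Detection] = []
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) != 3:
            continue
        obj, threat, result = row
        m = _OBJECT_RE.match(obj)
        if m is None:
            continue
        found.append(Detection(
            path=m.group("path"),
            pid=int(m.group("pid")) if m.group("pid") else None,
            mem_addr=m.group("addr"),
            threat=threat,
            result=result,
        ))
    return found


def triage(detections: List[Detection]) -> Dict[str, dict]:
    """Per threat name: the processes it was seen in, the files it was found in,
    and how many of its hits the scanner could not clean."""
    summary: Dict[str, dict] = defaultdict(
        lambda: {"memory_pids": set(), "disk_files": [], "unresolved": 0})
    for d in detections:
        entry = summary[d.threat]
        if d.in_memory:
            entry["memory_pids"].add(d.pid)
        else:
            entry["disk_files"].append(d.path)
        if d.unresolved:
            entry["unresolved"] += 1
    return summary


if __name__ == "__main__":
    for threat, entry in triage(parse_avg_lines(SAMPLE_LINES)).items():
        where = "on disk" if entry["disk_files"] else "only in process memory"
        print(f"{threat}: {where}; pids={sorted(entry['memory_pids'])}; "
              f"unresolved={entry['unresolved']}")
```

A threat that shows up only as in-memory, unresolved hits in several legitimate processes has no file the scanner can quarantine, so a disk-only scan will report it again after every run.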

A:Trojan horse Agent_r.XJ, Trojan horse Generic22.LOZ

Is this the right forum to post my virus problem in or should I post it somewhere else?


Hi there. Was wondering if anyone could help. I am running Windows 7 and had initially become infected with a rogue application, AV8.exe. I downloaded MBAM and managed to clear the infection. I have also since downloaded and run AVG 2011 with the latest virus databases.
However, since then whenever I try to load a website (am using Firefox as browser mostly) the browser begins to be redirected and AVG Online Shield Alert flashes up with a warning: "Threat was blocked! File name: unsecured-sites.com/block.php?url=X (X being the url of the site I originally tried to access) Threat name: Trojan horse Fakealert.UD"
When I scan with AVG it finds 2 infected files:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5200):\memory_00010000
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5200)
Both are infected with: Trojan horse Adload_r.AKJ
The 2nd file is removed and healed, but the 1st file says "object is inaccessible".
I ran MBAM and it found nothing this morning - here is the report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4787
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/10/2010 12:00:23
mbam-log-2010-10-10 (12-00-23).txt
Scan type: Full scan (C:\|)
Objects scanned: 222800
Time elapsed: 31 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: ... Read more


How do I get rid of these viruses?

Trojan horse Lop.AS, always in Temp Internet Files\Content.IE5

Trojan horse Dropper.Agent.CMA

and

Trojan horse Downloader.Generic2.TUJ

These were found by AVG Anti-Virus, Free Edition.
Thanks in advance guys

Here is my Hijack This log :-

Logfile of HijackThis v1.99.1
Scan saved at 15:58:59, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:... Read more

A:Solved: Help.. 2 Trojan horse EXE files and a trojan horse Lop.AS

Never mind, I have just finished a fresh install of XP.

I am now using Zone Alarm free Firewall,
AVAST! Anti Virus and
Ad-Aware SE.

Cheers
 


Hello,

Vista home, AVG....finally able to install malware and got it to run (kept getting "windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them" puked at me and yes I was logged as admin). I "think" I got the problem taken care of hopefully (rid of the trojan) but not sure, still had a hard time getting hijackthis to run as it was giving me the same error. I hope I gave you enough info, this is my daughter's laptop having the problem. IE seems to be running a bit slow as does start up whereas before it was fast. Thank you so much for your help in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:39 PM, on 9/6/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Google\... Read more

A:b.exe, trojan horse congac, trojan horse zoeken

anyone out there?
 
