
3 Trojan.downloaders (ym,small.bcb,bkk) And Trojan.lowzones.cz

Q: 3 Trojan.downloaders (ym,small.bcb,bkk) And Trojan.lowzones.cz

Getting pop ups. Virus software detects problems but cannot fix them.

AdAware detects "Purity Scan"

Spybot cannot fix:
Deskbar
Downloader.Tsupdate.L

Housecall froze while attempting to delete these problems:
TROJ_DLOADER.BSK
TROJ_Generic
ADW_Mediamotor.l
TROJ_LOWZONES.AK
ADWARE_BEGIN2SEARCH
ADWARE_SAFESURF
ADWARE_MEDIAMOTOR

Here is the Log from BitDefender:

and here is my HJT Log:

TIA
Chetlocal

RELEVANCY SCORE 200

A: 3 Trojan.downloaders (ym,small.bcb,bkk) And Trojan.lowzones.cz

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Read other 11 answers
RELEVANCY SCORE 83.6

Hi to all!
I am not particularly happy at the moment as my computer has run into two trojans in the last week or so.
I am running on XP service pack 2 and have norton antivirus which cannot seem to remove these pesky viruses.
I have run other programs but my computer is still running extremely slow.
The regular, "download this to fix your computer" popups are showing with no signs of waning.

My father was given instructions from an IT guy who is a family friend but they did not work.

Can someone please help me?
Thanks
 

A:Need help removing Trojan.Vundo and Trojan.LowZones

bump
 

Read other 3 answers
RELEVANCY SCORE 83.6

Help! I've been infected with TWO Trojans for a couple of days now (Vundo and Lowzones), and my various efforts to remove them (primarily with Symantec, also with VundoFix) haven't solved a thing. I think it's time for some custom guidance. What should I do first? Thanks!
 

A:Solved: Trojan Vundo/Trojan Lowzones

Read other 10 answers
RELEVANCY SCORE 78.4

Mod Edit: Log split away from topic here http://www.bleepingcomputer.com/forums/t/144809/infected-by-something-wicked/

Deckard system scanner report is below. I was not able to load Kaspersky because my IE is too corrupted and I can't get enough space on my hard disk in time before whatever is on my computer partitions off the space. I have cleared about 1 Gig of new space on my computer but the computer still shows that it has less than 100 MB of space on it.

A:Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Hello 425Fool,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 4 answers
RELEVANCY SCORE 77.6

Hi to all,

I'm new here and glad of the info found so far..

I have Trojan LowZones which I can't remove, I've followed instructions from a thread about 2 months old...
So far... I've used Adaware SE personal, Spybot search and destroy, ccleaner, HijackThis and Spysweeper to scan my system with updated definitions applied to all.

I think for the moment I just need someone to have a look at my HijackThis Log file if possible? and see what might need deleting, or any other information you might need first... would be a great help.

I've uploaded the Log file,

Apologies for posting a new thread on this..

Many thanks

Lean14
 

A:Need help with Trojan LowZones?..

Read other 16 answers
RELEVANCY SCORE 77.6

My Norton antivirus keeps on telling me that it blocked trojan.lowzones.
I've tried running full system scan but it hangs halfway; when I tried running it in safe mode it detected nothing.
I used a squared free to try to remove it but it failed to detect it too. But when I checked my registry I found traces of the trojan running weird dlls.
My hijack this log is included below. Just a side issue, whenever my computer blocks the trojan, I am not able to search anything on yahoo and google or access gmail. It just hangs halfway. Pls help me, thanks a mil


A:Need help with trojan.lowzones

I just tried using combofix and it deleted some of the dlls that are installed and it seems to work. However I am still not sure whether I totally cleared the virus from my system.
The new hijack this log is as follows.

Read other 1 answers
RELEVANCY SCORE 77.6

While I'm connected to the net Norton Anti Virus comes up every few minutes with a virus alert on Trojan.Low Zones. And although it says ex[1].exe file deleted, at least two files all.exe and ex.exe repeatedly appear in the temporary internet file folder as quickly as I can delete them. I have tried following the removal procedure on the Norton web site with no luck (admittedly in the registry I find no values in the right pane that refer to any files noted). I've attached a Hijack file log. Help will be greatly appreciated.


A:Help with Trojan.LowZones

Read other 16 answers
RELEVANCY SCORE 77.6

My son downloaded an mp3 file which has apparently exposed my system to Trojan.LowZones. Although my Symantec antivirus program notifies me of Trojan.LowZones encounters and deletes the files, my system and web browser are operating erratically. The web browser (FireFox) in particular is constantly failing to load pages and/or being redirected. I've conducted full virus scans in both normal and safe mode, run AVG Anti-Rootkit, CCleaner and Spyware Blaster without effect. I'd very much appreciate assistance in interpreting my logs for resolution.

A:Trojan.lowzones

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Also, is Norton up to date here? Because it really surprises me that it didn't detect+remove a huge amount of malware here.

Read other 10 answers
RELEVANCY SCORE 77.6

Hi,
I have detected the trojan.lowzones in my pc, and Norton is unable to delete it or repair it. I am unable to install AVG, and most of the spyware that you recommended. The AD-aware SE does not find it, and pop-ups continue to appear.
Can you please help me? This is my hijackthis log.
Thank you.

A:Trojan.lowzones

Please do both of the following before we start if possible!:
1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was
_____________________
Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
_____________________
With IE closed, run Hijack This again. Put a checkmark on these entries and hit "fix checked":

O4 - HKLM\..\Run: [0sis001w.dll] RUNDLL32.EXE 0sis001w.dll,b 72376546
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
_____________________
Boot into Safe Mode
Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

c:\windows\system32\0sis001w.dll
c:\windows\timessquare.exe
______...

Read other 3 answers
RELEVANCY SCORE 76.8

I have done all the preparatory actions. AVG Antispyware tells me I am infected with Trojan.Small.fb but cannot remove it. Spy Doctor scan shows Trojan.Downloader.Ruins and Trojan.DNS Changer.
Here is my HijackThis log.
Can anyone help please?

A:Infected With Trojan.small.fb, Trojan.downloader.ruins, Trojan.dns Changer

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout
http://downloads.subratam.org/Fixwareout.exe
or
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

Fix these with HJT - mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{05F2BA51-171A-4B1D-AE5F-B8515E38E241}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8269A184-3C5F-41F7-A7E9-581E273A2475}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0DCAED8-AC99-4371-811A-DDA8BF12F7D8}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6801D5-625E-482E-AA33-1FD2EB1B2544}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{05...

Read other 6 answers
RELEVANCY SCORE 76.8

I've followed their directions on the virus description site. Which is "http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2005-032611-4546-99&tabid=3", in case that helps you. It's fully updated and I've run a full scan in Safemode as they've suggested but no luck. They suggested going into the registry to delete values from it, but they didn't specifically say which values it affects. I didn't want to mess around with my registry without knowing what I was doing. So here I am. Please help

I haven't gotten any weird pop-ups or messages or anything, and my comp is still working fine. I just don't want to leave a virus hanging around. Thanks!
 

A:Trojan LowZones, Norton won't fix it

Okay, so apparently I wasn't checking Norton correctly and found the file to get rid of. Sooo, never mind
 

Read other 1 answers
RELEVANCY SCORE 76.8

Hi guys,
is there anybody that can help me?
Thanks!

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.LowZones
File: C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\32JL8HJD\all[1].exe
Location: C:\Documents and Settings\Andrea\Local Settings\Temporary Internet Files\Content.IE5\32JL8HJD
Action taken: Clean failed : Quarantine failed : Access denied


A:Solved: Help: Trojan.LowZones all[1].exe

Read other 11 answers
RELEVANCY SCORE 76.8

I have read a few of the lowzones posts and am suffering from the same issue of trojan.lowzones that I can't remove. I have tried Norton and Spyware Doctor but neither will fix the problem. It seems each infection is different and that I need to include a HJT output so it is below. Hope you can help me. TIA

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:39 AM, on 26/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Progr...

RELEVANCY SCORE 76

I actually downloaded a track from LimeWire and it also downloaded W32.Ircbot, and now after some time my PC has also got Trojan.Lowzones. I read all the instructions and here are the log files:

MAIN

Deckard's System Scanner v20071014.68
Run by laptop on 2008-06-07 09:32:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
5: 2008-06-06 07:51:05 UTC - RP78 - Windows Update
4: 2008-06-05 16:41:03 UTC - RP77 - Windows Update
3: 2008-06-04 15:20:06 UTC - RP76 - Windows Update
2: 2008-06-01 09:57:32 UTC - RP75 - Scheduled Checkpoint
1: 2008-05-30 16:56:48 UTC - RP74 - Windows Update

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1022 MiB (1024 MiB recommended).

-- HijackThis (run as laptop.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:52 AM, on 6/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0\bin...

A:Infected By W32.ircbot And Trojan.lowzones

Hello Chitrank and welcome to BleepingComputer,

1.
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

RELEVANCY SCORE 76

Hi TSG,

One of my computers has gotten infected with a trojan. It happened after I visited a website a couple of days ago, although I had no idea there was a problem until the next morning when I booted up. Two signs that something was wrong were that Windows Explorer.exe and alg.exe were trying to act as servers - I'd never seen that before. ZoneAlarm notified me of this and I clicked No to refuse them acting as servers.

Then Norton Antivirus 2007 started complaining about blocked attempts that were being made. It said it had detected Trojan.Vundo, Downloader, and Trojan.LowZones, and that it could fix these, so I let it fix them (or so I had assumed). I then ran a full system scan in both normal mode and safe mode - no trace of the trojans. I thought I was safe. At my next reboot though, I still saw the explorer.exe and alg.exe server prompts, and Norton was complaining yet again about Trojans. The fact that Norton itself had become unstable and crash prone also worried me. When opening up Internet Explorer 7, I have my homepage set to Google, but when I went to go to a different site, an error popup appeared saying that an attempt to connect to a website (the same suspicious one from earlier) had been blocked by Norton. On a different attempt, it seemed like a new page was opening up every second until I killed the process.

At this point, I was considering Norton pretty useless in removing this virus (although it was helping to block the trojan), so I found your site...

RELEVANCY SCORE 76

Hi, there. I'm infected with Trojan.WinReg.LowZones.F and can't seem to remove it. Any help greatly appreciated!

I've tried ewido, adaware, spybot, trojan hunter, symantec antivirus... nothing gets rid of it.

Using Windows XP

Here's my HJT log file:

Logfile of HijackThis v1.97.7
Scan saved at 1:42:31 PM, on 7/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\mtask32plus.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\palm\HOTSYNC.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google...

A:Help removing Trojan.WinReg.LowZones.F

RELEVANCY SCORE 75.6

OK, it looks like I am in a bit of a jam.
I think I have at the least

Trojan.Small.WY,
ALCRA.F
Trojan-Clicker.Small.JF

I will go ahead and post my hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:11 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\D-Link A...

A:Ahhh help Trojan.Small.WY,ALCRA.F Trojan-Clicker.Small.JF

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the ...

RELEVANCY SCORE 75.2

Hi all, my computer has been infected by Trojan.LowZones and Norton Antivirus can't even delete/clean the virus on my computer. Norton shows this trojan will automatically download and install download.exe and index.exe onto my computer. These are the locations where the trojan will be installed: "C:\windows\winsys\index1.exe and C:\windows\winsys\download.exe". Norton also shows an unauthorized access log. I have attached some pictures that show the alert messages I receive from Norton. What should I do now? Your help is very much appreciated. Thank you.
 

A:Solved: Computer infected by Trojan.LowZones and others. Please help

RELEVANCY SCORE 75.2

Hello again everyone. I posted yesterday and received no responses. Since then my PC has become unusable.

Windows Explorer crashes constantly.
Firefox keeps crashing.
Internet Explorer won't even start unless it's to throw pop-ups at me.
Norton keeps giving me Trojan.Lowzone warnings.
PC is overall slow.
Internet connection is painfully slow.

I need help urgently!

Here is my HJT Log please help ASAP.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:42 PM, on 28/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windo...

A:Urgent Help Needed with Trojan.Lowzones (HJT Log Included)

RELEVANCY SCORE 72

Hey everyone, lately there has been a slowdown in my computer and a lot of bad processes.

A:Trojan downloaders?

In order to assist you effectively and identify the offending malware, we need more specific information. Please read Before you post about a problem, Some simple guidelines, then reply back here.
What OS (Win 2K, XPsp1, XPsp2, Vista) are you using?
What issues/symptoms of infection do you have?
What actions have you taken so far?

RELEVANCY SCORE 72

I don't know who to believe. I am running RegCure, Webroot Spy Sweeper, Defender, McAfee, and Windows Malicious Software Removal Tool. To start out I noticed my processor was running pretty high from its norm. I usually use Firefox to log into the net but also use IE for some apps. My IE was redirecting me to a site called mywebsearch.com. I could get on my home page. Then it started to do it to Firefox too. Before I lost internet connectivity I downloaded all the programs stated above to run a virus scan. Defender picked up a Trojan downloader called win32/small.gen.c, RegCure picked up infected registry keys, McAfee would scan then go to blue screen, same with Webroot, but it also picks up infected reg keys, shortcuts, etc., and Microsoft picks up a trojan called winNT/Alureon.C.
It seems every day something else is missing on my computer. I can't run anything from my dvdplayer, processes won't start, internet connection is lost, etc. What do I need to do? I can't even dump it and start over. My player won't run now.
I am using my backup computer right now, but it is limited to what it can do.

Almost forgot, I am running Vista Ultimate and I do have Hijack This also.

A:trojan downloaders

I was really hoping for some answers to my questions!!!!!!!

RELEVANCY SCORE 72

Help pls!! I've picked up and can't get rid of several Trojan Downloaders:

Downloader.Dyfica.3Al
.Small.41.J
.lstbar.AP
.lstar.9D

Here's my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:01 PM, on 7/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sahagent.exe
C:\Program Files\180searchassistant\sais.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\Dwnld exe files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h...

A:Help!!! Trojan Downloaders

Uninstall the following from Add/Remove Programs:

180solutions
PowerScan
SurfAccuracy
YourSiteBar
--------------------------------------------------------------------------
Download: Micro$oft Anti Spyware BETA:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

First in the top menu click File then Check for updates to download the definition updates.

After updating look in the right side of the main window under "Run Quick Scan Now".
Click Spyware scan options.
In that window put a tick by Run a full system scan.
Then put a check by all three options below that then click Run Scan now.

When the scan is finished, let it fix anything that it finds
(Have it quarantine the items that have that option rather than delete just in case.)
It is a BETA program and there may be false positives.

Reboot.
--------------------------------------------------------------------------
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup,...

RELEVANCY SCORE 72

Hi, I have been having issues recently with my Dell laptop. I believe that I opened a malicious file and that I downloaded several Trojans, as that is all my Avast! seems to find every time I start my computer. I don't know how to get rid of them myself and I really need my laptop back! Thanks in advance!

KASPERSKY ONLINE SCANNER REPORT
Saturday, April 19, 2008 8:34:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715149

Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: Critical Areas
C:\WINDOWS
C:\DOCUME~1\Kristine\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects: 19811
Number of viruses found: 6
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 00:24:24

Infected Object Name | Virus Name | Last Action
C:\WINDOWS\Debug\PASSWD.LOG | Object is locked | skipped
C:\WINDOWS\SchedLgU.Txt | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb | Object is locked | skipped
...

A:Trojan Downloaders And More

Hello vidakriss,

Welcome to Bleeping Computer

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,
tea

RELEVANCY SCORE 72

Lol, for a little while I've been getting this Trojan Downloader alert coming from the AVG Anti-Virus folder. I've let it sit for a while, I've scanned and such, and I've tried to handle it myself by healing, sending it to the virus vault, etc, and trying to get it to go away just with having AVG handle it. It hasn't really worked, and I don't want to make the problem worse, so I've come to Tech Guy. :3

Here's the HiJackThis log.

MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi...

A:Trojan Downloaders. :3

Don't mean to be a bother, but the topic nearly disappeared. Just trying to get it back up, but I don't want to spam.
 

RELEVANCY SCORE 72

So I've started cleaning some trojan downloaders out and cleaned out some. Would much appreciate help in eliminating what seems to be remaining in part or full form. Things are much improved now, much less pop-ups, but the concern remains that there are still infections. Running for instance system doctor suggests I have a few items still going, not sure if I may clean these myself or it is worth buying that version to help. Much appreciation for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:25 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WI...

A:Trojan Downloaders And More!

Hello iwon,

Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

RELEVANCY SCORE 72

I'm having trouble with a whole bunch of trojan downloaders and I'm not sure on how to get rid of them.
Trojan-dropper.win32.agent.hl
Trojan-downloader.win32.qoologic.v
Trojan-downloader.win32.apropu.ae
Trojan-downloader.win32.agent.qg
Trojan-downloader.win32.qdown.z

Here is my hijack this log. I hope someone will be able to help me. I'm not familiar with trojans, so any help would be nice.

Logfile of HijackThis v1.99.0
Scan saved at 9:10:36 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\T3duZXIA\command.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\system32\w?nlogon.exe
C:\Program Files\Comm...

A:Trojan downloaders

RELEVANCY SCORE 71.2

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...

RELEVANCY SCORE 71.2

My laptop is running a lot slower than before. Kaspersky Internet Security 7.0 detects lots of malware, mostly trojan-downloaders and other spyware. I choose to delete them, but when I reboot, the same viruses pop up. Also, new viruses pop up too. I've tried using CounterSpy, KIS 8.0, ESET Nod32, but none of them could remove the malware. Please reply. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:23 AM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\In...

RELEVANCY SCORE 71.2

Hey, can someone plz help me? I have a zolob trojan downloader and it keeps giving me nvctrl.exe and mssearchnet.exe and other things. I will run the smitrem and everything in Windows safe mode. It also occasionally gives me Spy Falcon, and I will go through the deleting process in Windows safe mode and it will be gone for a few minutes, but then later it comes right back. It shows up on my Microsoft spyware remover as SpyAxe and trojan downloader. I will remove it but it does no good. I also use ewido to clean them, still no good; it goes crazy on ewido. I AM AT WIT'S END WITH THIS CRAP.

A:Zolob Trojan Downloaders

You could try a², a Trojan hunter. Just recommended it a few posts above. Free download.

RELEVANCY SCORE 71.2

Here's the Log of my PC (it runs Vista). It wasn't directly infected, but I think a virus may have piggybacked off the infected Tablet on a USB drive I used.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:49 PM, on 6/16/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Mozy\mozystat.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows S...

A:Infected By Trojan Downloaders on PC

Hi ,

Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed. And please describe why you think you might be infected and any symptoms you may have.


Hello, I am an employee at a dental office. One of the receptionist's computer is experiencing Trojan software and frequent freezing problems. The computer uses Windows XP Professional and Internet Explorer as its browser. The computer is used for dental office software and for researching insurance details on the Internet. When the computer starts, after the login screen, the following error windows appear.

Malwarebytes' Anti-Malware is already installed on the computer. However, it would not start up despite multiple attempts.

The free version of Spyware Doctor was installed after the appearance of the freezing problems, and found the following spyware.

Internet Explorer is also experiencing problems. Not only Google searches are slow, but also clicking on links opens a window either linking to advertisements or to a blank page with this message, Welcome to the MIVA DLL. Please enjoy your stay. Initialization errors: 0 with an URL similar to this http://204.137.28.195/bin/findwhat.dll?clickthroughy=52593x=1ZEJg6mkAsVK1apaET9Z54VbiTxZb7FmACEgEgsln2VXTCEnl47iICFmylE:5Tqv96IyQgSmsayKe4ZyylZSpaEYDtI0EN9LNiaIEJE4TNxqTCITslLLM2IQ5Hr;ABsIeTZdTtPA5aZrLarGDgIYt7bspcP2AlxqQCaguct0b4LwbcFFyJIzbufG3

The computer also freezes, and the freezing happens randomly. Sometimes Internet Explorer is running, while sometimes no programs are running at all.

The computer is vital to continuing providing quality service to our patients. We appreciate any help Bleeping Computer and its staff and m...

A:Freezing with Trojan-Downloaders

The computer also can not create a restore point. It asks for a restart. However, it still does not work after restarts.

Also, the computer frequently freezes before showing the login screen. The computer must be restarted manually.

We value any help available. Thank you!


Hello. I've recently had a large problem with what I think were Trojan downloaders amongst other things. I've followed several of the suggestions on this site and no longer "seem" to have a problem. Previous problems included pop-ups and my Firefox browser trying to connect to a random site. Every time I ran a virus scan it kept coming up with new viruses. However, I think that they may be gone, but I am unsure and could use any help you have to offer. Thanks in advance.

I'm not sure what I am doing, but here is my HJT log:

(Moderator edit: log post moved to HJT log Forum for team analysis and member assistance. Enthusiast)

Logfile of HijackThis v1.99.1
Scan saved at 4:30:33 PM, on 31/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A:Am I Clean? (trojan Downloaders Etc)

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.


Introduction and a little background on the problem:

Hello! I am a new member (thank you, thank you) who is prone to having bad things happen to good computers. Ok ... here it is. I have removed viruses and spyware manually a couple of years ago, but nothing recently. This is not my own computer (but ironically, it is one I am using while my computer is getting fixed).

The other night I was looking at one of those sites for myspace greeting icons. A bunch of windows popped up and as I tried to keep up and X out of each one as the computer's speed would allow, something installed automatically. There was an instruction in the details of the program that indicated that if the program was unwanted, I could go to the website and uninstall it. STUPID, I know .... but I did.

I tried to run an anti-virus scan on the computer as this computer apparently has Norton / Symantec; however upon closer inspection, there were no executable files in the Norton folder. I could not get the computer to scan. So ... I went out and bought a cheap $20 Defender Pro 5-in-1 product from a store and ran a scan.

It detected Spyware AND viruses.

Seemingly I have "WinAntiSpyware" and can't get rid of it. I tried going to the Symantec website and it gave me instructions to remove the 2006 version. I have the 2007 version. None of the keys in the registry matched up with what the website said to remove.

It detected the following trojans:

1- Trojan-downloader.java.openconnection....

need help to remove the following

Trojan Horse Downloader.GENERIC4.TBL
Trojan Horse Downloader.Zlob.KYW
Trojan Horse Downloader.Zlob.KYV
Trojan Horse Downloader.Zlob.KYS

and more similar
Am using AVG free edition and AdAware se

They do find them and quarantine them but more keep appearing
please help !!!!!
 

A:trojan horse downloaders


This is the log created by hijack this, this is also my work computer so I'd like to avoid trouble and get it resolved quickly... I have installed AVG anti-virus and ZoneAlarm firewall and I have run AdawareSE and Spybot Search and Destroy..... Please help me..... Thank you

Nichol

Logfile of HijackThis v1.99.1
Scan saved at 9:20:44 AM, on 06/21/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A:Trojan Downloaders And Worms

Welcome aboard, let's get started.

Download Combofix to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Then after that, do the following scan and post the results:

Please download Dr.Web CureIt to the desktop:
Double-click the drweb-cureit.exe file and allow to run the Express scan.
This will scan the files currently running in memory and when something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be mo...


I seem to have gotten new threats of win32 trojans on my anti virus software. I have run superantispyware, but it did not detect any threats. I am running Windows Pro SP2. Here is my HijackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:40 AM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:More Win32 Trojan Downloaders


I had been getting various error messages when using windows explorer. I also get an error message when trying to use internet explorer. And subsequently can't use internet explorer. The error message looks something like this.

Runtime Error
Program: C:\\ProgramFiles\InternetExplorer\IExplorer.exe
The application has requested the runtime to terminate it in an unusual way. Please contact the applications support team for more information.

A while later the Mcafee software that I had been using detected a virtumonde virus, but it wasn't able to delete it. I have since uninstalled Mcafee and installed the AVG Free edition. I have used the Vundo Fix and the VirtumondeBegone, they removed quite a lot of things in my computer, but I don't think that they got all of it out. So far, after all of this, I have run the AVG Free antivirus, Spybot, ad-Adware SE, Super AntiSpyware, Ccleaner, BitDefender, Counterspy, and I installed a Zone Alarm Firewall. All of these programs seemed to find and fix different problems. After all of this, I'm not getting the error message from using windows explorer, but I'm still getting the error message when trying to use internet explorer. The AVG antivirus has been continuously finding viruses in my system restore.

Here is a recent log from HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 4:56:55 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

A:Virtumonde/trojan Downloaders

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


I recently scanned my computer with superantispyware and it cleaned up a few things. I thought I had scanned with AVG earlier but I don't think I had as it started by itself this morning. I had to leave it - I saw it had found something 'bad' and have been trying to find out what it was now that it was all finished scanning. BUT I can just find records of viruses found in scans from a few months back which I didn't even know had been found.

Anyway, what I have are:
Trojan Horse Downloader.Zlob.MCQ

and

Trojan Horse Clicker.GMC

The clicker one is located in a programme I use a lot. I have had this trojan horse there before and when I 'fixed' it, it deleted the whole programme. Will I have to do this again??

I also posted on the malware thread with my HJT log, before I saw these trojan things. Why did superantispyware not pick these up? Are they really a problem?

Please help. Thanks.
 

A:are trojan horse downloaders and clickers bad? Please help.

Sorry - I think I was looking at my virus vault.

The one it found today ('exploit') was also there.

Should I empty my vault?
 


I recently acquired a virus/trojan that started by dropping my firewall. I'm not entirely certain where I picked it up, but believe it was an application on Facebook.

Either way, it has blocked my access to the registry, and constantly opens new tabs / hidden buttons on my laptop. Many of the new tabs are from http://sagipsul.com/go/?cmp=vm_mg_juan&uid=A7BE4696DE8B11DD8B7C166350CFFFFF&lid[...]&cl=superjuan The information in [...] varies dramatically and is lengthy, but the detail listed is the same from popup to popup.

First, I used AVG Free to scan. It found and removed several files and threats, but not the virus. I then used System Mechanic 4, which shows multiple registry errors. However, it will not fix them as "Registry editing has been disabled by your administrator". I have tried to run regedit, but get the same error message.

Can you help? This is the computer I use for work and my online business. It is critical (to me) to get it fixed.

Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:26 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal


A:Crypt Virus and Trojan Downloaders

Although I didn't really want to resort to a complete reinstall, it was urgent to resolve the problem.

For everyone who looked at my post, thank you.
 


This is a business computer on a network - so far it's the only client infected. Several hours of work have apparently removed many infections, only to have some reappear from these infections which I can't seem to lick.

I have run Adaware (from Lavasoft), Spybot Search and destroy, Trendmicro's free online scanner, and have since installed AVG anti-virus. Hijack this fails to run generating an error, many websites (including this one) are blocked on the affected client - I have to correspond from another client.

Here are my Kaspersky log, followed by my DSS logs.

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, July 21, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 21, 2008 18:17:33
Records in database: 981279

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Program Files
C:\WINNT

Scan statistics:
Files scanned: 11383
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 00:36:31

File name / Threat name / Threa...

A:2 Trojan Downloaders, Virtumonde, And Possibly More

Hello Justme- and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below..
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed...


Currently infected with some sort of Trojan that slows me down and keeps pushing all kinds of ads onto my computer anytime I go online. Any help would be greatly appreciated. Thanks in Advance!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-12 15:16:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 24 GB (64%) free of 38 GB
Total RAM: 766 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:18 PM, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

A:Infected with Trojan Horse Downloaders

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable a...


This is the tablet I mentioned in my earlier post. It got infected by which then proceeded to download a bunch of others. This tablet is running XP.

Logfile of HijackThis v1.99.1
Scan saved at 10:42:21 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

A:Infected By Trojan Downloaders on Tablet

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access.

From your log it appears that you are missing one important program: an antivirus. This is somewhat suicidal in today's digital world. Without one you are at a high-risk of reinfection; while I can try to sort your problem out, if you have no protection, the infections will keep resurfacing. Here are some great free antivirus programs:
Antivir, Avast!, AVG, Bitdefender Free
Install one of these, then run a full scan, letting it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups; which may be needed if we fix something we're not meant to.

If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.

How to make a permanent folder:
Click Start | My Computer | Local Disk (C: ) | Program Files.
In the menu bar at the top, go to File | New | ...


I have recently been hit with trojan horses and have read some other posts on this board and have tried some of the advice, but they still keep coming back.

I am getting AVG alerts informing me of following files:
trojan horse downloader.generic2.cxp
trojan horse downloader.generic2.ahr
trojan horse downloader.generic2.cvc
trojan horse dialer.btg
trojan horse dialer.btc

I have tried running CCcleaner, AVG, Ewido, Smitfraudfix, but have not been successful.
I am willing to run through the steps again and any other tips or advice.

I have just installed and run HJT and included the log. I didn't fix anything via HJT yet.
I also have included my Panda log.

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 1:42:03 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Trojan Horse downloaders and dialers


Hey guys --

I have a computer that was infected so I did the necessary things to clean it out, or so I thought. I use TrendMicro's OfficeScan on the computer. After cleaning, it did not find any threats, but the next day the threats started at around the same time (noon). It seemed like a downloader since it pulled 20 threats in under a couple of minutes and stopped once I pulled the network cable out. The first day I had a process named 17PHolmes572.exe which had multiple instances in task manager. Cleared those and the next day it became something like b133.exe.bin. And today I noticed a process mrofinu572.exe which I looked up and it said that it was malware. The types of viruses found by officescan are TROJ_VUNDO.BIN, TROJ_PURITY.AD, TROJ_DLOADER.AER, TROJ_RENOS.FV, TROJ_Generic.A, TROJ_ZEROML.BJR, TROJ_DROPPER.AIO, TROJ_DLOADER.HBK, TROJ_AGENT.HGN (Multiple instances of each). Also ran Ad-Aware which cleaned registry infections and possible browser hijacks. I've cleaned with ad-aware, scanned with officescan, cleared temp files and folders and also the ones under Content.IE5 path. A few of the files wouldn't delete under this path so I ended the explorer process and deleted them through the command prompt. This seemed to get rid of them. Here's the posting of my HiJackThis log from today. All help is much appreciated. The process C:\WINDOWS\TEMP\XV7FB1.EXE is what OfficeScan uses to redirect an intruder. Something to do with OfcDog.
Logfile of Trend Micro ...

Hey guys, listen, I've been a long time fan of this site and what you guys do. You guys are a great help and have helped me greatly in the past, even though this is a new account.

So once again I need your wisdom.

My sister recently downloaded a game from the internet, and I'm sure by doing this, she also downloaded a trojan that came with it.

As I was logging in to my admin account on WinXP Pro SP2, I was greeted by my normal start-up applications and then out of nowhere the command prompt boots up...then a German application pops up (minimized) on my desktop bar...next thing I know McAfee (my anti-virus program) pops up asking if I want to grant the program "Project 1" access to the internet. That's an obvious no. Well McAfee pops up two to three times more prompting the same thing, only with two other programs that I'm sure were viruses/generic downloaders.

So I do my standard clean-up... I run Ad-aware SE Pro, McAfee Anti-Virus '05, and McAfee Anti-spyware. Ad-Aware finished and everything it picked up, I deleted. McAfee anti-spyware finished and I deleted a whole bunch of spyware/adware... pretty standard. McAfee anti-virus pops up with 5 components all which it labeled as Trojans or Generic Downloaders. Each trojan, (I believe) was named "Dollar Revenue." McAfee asked me if I wanted to "Clean," "Quarantine," or "Delete" the Trojans. I tried all three options but McAfee was unable to do any of them. I fi...

A:Generic Downloaders & Trojan Aftermath

Bump.


I recently scanned my PC with Norton AntiVirus, and I have multiple threats;
most of which include Downloaders and Trojans. It could not get rid of them as repair and delete failed.
AdAware was also no help.

I am running Windows XP and most of the threats are coming from temporary internet files, but the folder is not there.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:33, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal


A:Downloaders & Trojan Horse (Text[1].dat)
