Q: Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bells that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran Ad-Aware, Spybot S&D, BitDefender, McAfee Stinger, updated the OS and installed HijackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0270Mon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\louise\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[2].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0270Mon.exe] C:\WINDOWS\V0270Mon.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0270Ext.ax] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0270Ext.ax
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlahTeam] C:\DOCUME~1\louise\APPLIC~1\DENTST~1\owns for third.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/btmailcontrol013.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/btwebcontrol028.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9848 bytes

TY for your attention and help in advance.

RELEVANCY SCORE 200

A: Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

RELEVANCY SCORE 182.4

DDS (Ver_09-05-14.01) - NTFSx86
Run by gus at 0:50:16.98 on Thu 06/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.571 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton SystemWorks\...

A:Packed Generic 214 , Infostealer Banker C ,Trojan Horse, Downloader, and Backdoor Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...

RELEVANCY SCORE 175.2

Hello everyone. I had a problem with my PC once in the past & someone here was really nice & showed me how to fix it so here I am again with another problem hoping that someone can help me again.

I got a result in my AVG Anti-Virus scan that had 10 infected files that were not removed.
These are the files:

C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038541.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038544.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038549.exe:\IMKKZI~1.EXE
Trojan horse Generic11.AV
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038551.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A003851.exe:\setup.exe
Trojan horse Dropper.Generic.AAMD
C:\System Volume Information\_restore{6C78443-313E-4C28-8F15-6B7C41ECCE60}\RP43\A0038556.exe
Trojan horse Generic11.AV
C:\System Volum...

A:Trojan horse Generic 11.AV & Trojan horse Dropper.Generic.AAMD

RELEVANCY SCORE 173.6

I would appreciate any suggestions or links outlining the best way to remove "trojanhorse backdoor.generic13.bkvz". I did try Malwarebytes but the program crashed before the scan completed.

Thanks in advance,

Bobcat

A:Trojan horse backdoor generic 13

Have you updated to the most recent version and database for Malwarebytes? Malwarebytes should get rid of this.

Neal

RELEVANCY SCORE 173.6

Shoot! I just got this thing popping up first in an AVG shell scan of a downloaded folder and then after deleting it, it is showing up in my system scan in system restore. I just went through getting cleaned of another virus a couple weeks ago and had to do a system restore flush, etc. Before I proceed to chase this little bugger down, I wanted to ask in here if I should go through the whole Hijack This scan and post or what advice I might get here.

thanks in advance
Rachel
 

A:Trojan Horse Backdoor.Generic.ICJ

if it is just showing in restore point then do the flush again
 

RELEVANCY SCORE 173.6

I encountered this Trojan on my system. I'm running Windows Vista. I ran AVG, Malwarebytes and Spybot in both regular and safe mode... TWICE. It appeared that everything was cleaned up. But every time I start my PC in regular mode, the AVG Resident Shield finds Generic 11.ZNE in System32\hjgruimempuvue.dll. I have tried to locate the System32 file in safe mode to manually delete but can't find it. I don't know what else to do other than wipe my hard drive... Please help!

A:Trojan horse BackDoor.Generic 11.ZNE

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with Dr.Web CureIt as follows:
Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, then choose Cure > Move incurable. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
Now put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Cha...

RELEVANCY SCORE 173.6

Win. 2000 Pro
5.0.2185 Service Pack 4 Build 2195
Pentium 4
256mb ram
20gb drive

Avg found trojan horse backdoor.generic 8.wmx so I thought I'd better get in here and ask questions.

The first time it showed up today, I chose "heal" and it said it was healed. Second time it showed its face was when I was running AVG scan later today. This time it put it in the vault. Is this something to worry about? I don't want to carry on if this is something that needs to be dealt with right away.

Thanks for any help.
 

RELEVANCY SCORE 173.6

I have posted to this site once before and you guys were all so great that I figured you are the best to help again. I recently just started to get AVG popups saying "Threat Detected" It looks as if the Threat Name is slightly different or I may be imagining this (I wasn't, see below), I will keep a closer eye on this now that I have started to look into it. AVG reports
File name: c:\users\hope\appdata\local\{f10a8889-e06b-1248-98ed-b532ff8ad06a}\n
Threat name: Trojan horse BackDoor.Generic15.BHGZ
(just got the below one to popup)
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI

It comes up randomly when a browser is already open but I seem to be able to pretty reliably force it by opening Firefox. It actively blocks AV sites like Malwarebytes etc. so it will take a little more effort to download programs for your logs but I am more than happy to run back and forth between computers as needed.

As far as system info this is a Win7 64bit system. I do have a Win 8 partition that was done semi recently but I can't say immediately before the problem started, I don't know that anything else has been installed recently.

Please let me know the next steps to take and I will happily follow your guidance.

A:Trojan horse BackDoor.Generic

Hello kking,

probably because c.MMI is dropping other malwares in. Dropper.Generic_c.MMI has the ability to download many other malwares, backdoor Trojans or worms so you should change all passwords when done.

Let's run a few tools and look at the logs please.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click on Change Parameters
Put a check in the box of Detect TDLFS file system
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Let the options as it is and click Continue
Let reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the lo...

RELEVANCY SCORE 173.6

Hi people. I recently had my avg free edition detect a trojan horse backdoor generic 9 on my computer. The file is at the system 32 folder under the name winxp.exe. I have tried deleting the file directly through safe mode but it keeps coming back whenever I restart my computer. I have run through adaware but it is of no help. Here is my hijackthis logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:37 PM, on 7/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files...

A:Trojan horse backdoor generic 9 help

Hello and welcome to TSF

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

RELEVANCY SCORE 173.6

I have been looking everywhere for help. I recently installed AVG 8.5 and ran a scan the scan found Trojan Horse Backdoor Generic.11.JAA and would like to remove it please help.

A:Trojan Horse Backdoor Generic.11.JAA

Does AVG not give you an option to remove it?

IMPORTANT NOTE: One or more of the identified infections was a backdoor Trojan. Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control again. and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the infection was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and inc...

RELEVANCY SCORE 171.6

Hello I am trying to fix a problem with an XP computer. IE and Firefox will not start. AVG has had failed updates for two weeks. Spy Bot does not find anything. Spy-ware Doctor did not find anything. Ad Aware did not find anything. Malwarebytes twice found Trojan.Agent in IE and Quarantined it. AVG detects Trojan Horse BackDoor.Generic 12 AAVT every time I run a spy-ware program and quarantines it. Any help would be appreciated. Thank You Ian

A:Trojan Horse BackDoor.Generic 12 AAVT

Update mbam and run a FULL scan
Please post the results

===================

Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

===========================

SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" ...

RELEVANCY SCORE 171.6

I believe I have a couple of viruses. AVG will alert me and tell me a threat has been detected. A trojan horse virus. Here are three locations I know of.

C:\windows\system32\autodis.dll

C:windows\explorer.exe process ID:1844

C:\programs\files\internetexplorer

I can't use Internet Explorer at all. When I do, my computer slows and I get multiple threat pop ups. Also, AVG tries to move them to the vault, but they never go away. Please help if you can. Thanks.

Here is my Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:49 PM, on 6/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDO...

A:Trojan horse backdoor virus generic 11 .hdx

RELEVANCY SCORE 171.6

I recently had to remove the "SecurityTool" malware from my son's computer. I followed your removal guide here http://www.bleepingcomputer.com/virus-removal/remove-security-tool with success but since the removal he has found that the system runs slow and now has a repeating virus warning from AVG Free. AVG is picking this up every few minutes or so. I have contacted AVG but after 5 days have had no response at all. I have run Spybot and CCleaner to see if that would resolve the problem with no effect whatsoever. Running Malwarebytes works until the system has been re-booted and the problem starts all over again.

ok he is running
Windows XP home
Version 2002
service pack 2
AVG Free

Malware report

Malwarebytes' Anti-Malware 1.43
Database version: 3499
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

10/01/2010 5:50:50 PM
mbam-log-2010-01-10 (17-50-50).txt

Scan type: Quick Scan
Objects scanned: 129474
Time elapsed: 14 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter...

A:trojan horse backdoor.generic removal

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malwa... Read more

RELEVANCY SCORE 171.6

hi,
Something very odd is happening to my PC in recent days. every time i try to download any file I get an error 'file contained a virus and was deleted’. AVG is seeing a trojan horse: 'trojan horse backdoor generic 17.err', but cannot correct or fix it. it's the same if i turn off AVG virus guard.
The Microsoft security client I was using is no longer available.
I’ve tried to download ComboFix 13.5.20.1, same error and also DDS same error. That’s in explorer 9. In firefox it appears to download, but then can’t open it.
So I downloaded on another laptop. Zipped it up, and emailed to myself onto the infected PC. But can’t extract it.
Then it gets spooky, at least to me. I set up an a/c on bleeping computer, and wait for the authentication email. Nothing arrives. I go to re-validate, no email… did it again, and still no email. Not in spam or junk mail. So I re-register using my work email. And get the authentication email. This virus seems to know I’m after it.
Please help: what can I do to fix this one? I’m not an expert on viruses but work in telecommunications and have had PCs for many years, and was an early adopter of the internet.
Smudge77
 
 

A:infected with trojan horse backdoor generic 17.err

I'll report this topic to appropriate helpers.
Hold on there....

RELEVANCY SCORE 171.6

Hi, I was instructed to post here from this topic: http://www.bleepingcomputer.com/forums/t/489889/trojan-horse-backdoor-infection/ (Message copied below)
 
_______________
 
I am well aware of how dangerous trojan backdoor is and the best way to fix it is to reformat my computer, as informed by boopme. Yes, I plan to reformat my computer soon but I kept getting Trojan Horse Generic from AVG scans so I'm not sure whether I should reformat it now or after these generics are cleaned. I was told in some cases, some viruses remain after a reformat. Because I am quite inexperienced with trojan backdoors, I don't know if the trojan generics can also be cleaned by reformatting my computer, or if there are more different trojans.
 
Thank you for your help!
 
_______________
 
 
This is what was written on the topic:
 
"
Hello,
 
2 days ago, I decided to run a regular virus scan and unexpectedly, my computer was infected with “Trojan horse Generic32.MKY”. It was removed after the scan by AVG.
 
Then later, AVG popped out and said it detected another one of the same infection, which was removed afterwards as well. The virus didn’t affect my computer performance therefore I didn’t know my computer was infected.
 
I was worried that there were more Trojans because the second Trojan wasn’t detected from the scan. So I scanned my computer with AVG, Malwarebytes, ESET Online Scanner and Super... Read more

A:Infected with Trojan horse Generic, BackDoor

Hello Fruit and welcome back to Bleeping Computer.
My name is Satchfan and I would be glad to help you with your computer problem. Please read the following guidelines which will help to make cleaning your machine easier:
 
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
I am looking at your logs now and will reply with instructions shortly.
Satchfan
 

RELEVANCY SCORE 170.8

HELLO, this is my first time posting at your site, but I have followed your responses to others while researching software and problems on the Google search page. Your answers and instructions have been of great use and help to me.

Recently my computer started to run slow and I started seeing pop-ups and messages saying my computer was infected. I checked my AVG Anti-Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad-Aware and it found several items, mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections. I have included the report with my HiJack log. I had a problem running a Panda scan until I noticed a registry cleaner was blocking me from loading the ActiveX program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:23 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\... Read more

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u2. Scroll down to where it says "Java Runtime Environment (JRE) 6u2". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
******************
We are going to dig deeper, and that will require us to run some additional scans. You will need to use Internet Explorer for this scan. D... Read more

RELEVANCY SCORE 170

I have been asked to post my DDS logs here. If needed you can see the original post here.

Here are some notes about steps 6-9
6 no reboot required
7 DDS log follows
8 GMER didn't seem to run correctly (64 bit system), most of the check-marks were grayed out and I could not check them off. I can scan with available options if it would help.
9 Here you go...

DDS.log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Hope at 18:38:57 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.1381 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32... Read more

A:Trojan horse BackDoor.Generic (zero access rootkit)

No hits so far. I await those smarter than me to guide me to my next steps.

RELEVANCY SCORE 170

Hello,

What a pain in the neck this virus has been. I made the mistake of trying to download some software as a torrent from Pirate Bay and when I unzipped the file, my AVG went nuts and said I had been infected with the Trojan Horse Backdoor Generic 12 AIHO. The initial AVG scan placed the virus into the virus vault but I was unable to delete it.

I re-scanned my computer but it did not find it again, however, I noticed quite a few of my files were marked "Locked/Not Tested", which I have never seen before (or since). At one point I started receiving pop-ups indicating my computer was infected and asking if I wanted to buy an update for my Vista Security Software. I scanned with ESET Online Scanner and it found and cleaned the following: Trojan Horse SHeur3.NN.

Thus far, my computer seems to be functioning fine but I think I've got a hidden infection. When I re-start my computer, a screen flashes that reads Header - Failed to Locate Application Resources, which I have only noticed since the initial infection. I also tried to open MyPhots and MyPhotos from the start menu and it said they are not accessible.

I am attaching the scan logs you request on the Start Here tab but am also including a couple of the other scans I've done to hopefully help isolate the issue. I am a bit worried about personal information stored on my computer, including business tax #, banking info, credit card info, passwords and other sensitive data.

Anything you can do ... Read more

A:Help removing Trojan Horse Backdoor.generic 12 AIHO, please

I need to add that a couple of times a service called QLBCTRL.exe was using 20 CPU when I pulled up the Windows Task Manager and the usage graph looked like a very strong earthquake, up to 100% at times.

RELEVANCY SCORE 170

Hi,
 
My laptop has come up with a "resident shield alert" telling me a threat has been detected.
 
I can load the image on here for some reason but it says
 
File name: C:\Windows\Sky Tel.exe
Threat name: Trojan horse BackDoor.Generic16.CMTG
                       Detected on open.
 
Remove threat as Power User
 
It then offers 3 options;
heal
move to vault
ignore
 
I'm not sure if it is even valid? When I press heal, it tells me it can't be healed. If I ask it to move it to the vault (not sure what that is!) it warns me that this can cause system instability or crash!
 
I have windows vista and my laptop is an advent 8115 and very old! I think 6 years now, but it has served me well.
 
If anyone can help me remove this threat I'd really appreciate it, I don't want to lose all my history
 
Thanks
 

A:Trojan horse backdoor.generic threat, please how do i remove it?

Hello, what tool is saying this?

SkyTel.exe is related to the Realtek Voice Manager used by some of their audio chipsets. The proper location is C:\Windows\System32\Sky Tel.exe
Yours appears to be a malware location.

"Move it to the vault (not sure what that is!)". This is the Quarantine: it attempts to move the file to a safe location that is managed by the antivirus software. It moves the file to safe storage under control of the antivirus program - so it can't harm your system - but it's there in case a mistake was made and you need to restore that file.

I feel it is important you know this... One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of ... Read more

RELEVANCY SCORE 168.4

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

RELEVANCY SCORE 166.4

Hello,

First, two thumbs up for the good work you guys do here!!

Second, MY PC has several related/non-related "issues".

-- Within the past month, I have eight instances of the Trojan Horse PSW.Generic.MYP in my AVG Vault (I attached a csv file) and 3 instances of Trojan Horse Generic 5.100 as well as one instance of Trojan Horse Agent DYC

---My PC takes 3 times as much time to start up as it used to (a few minutes in regular mode and 15+ in Safe Mode).

---I run AVG anti-spyware once every day. EVERY TIME I do, I get AT LEAST four THOUSAND traces and over 30+ objects. I attached a copy of a scan that was run 4 days ago just as a point of reference. (Scan-20070730.txt)

I recently (ironically one month ago) went through a nasty break-up with a very computer savvy ex girlfriend. Not that it is important but it seems after looking up these particular Trojans, they all seem to be geared towards password theft. Please take a look at my logs below. Also if there is anything else you might suggest to prevent password theft in the future please let me know! THANKS

***************************************************
Logfile of HijackThis v1.99.1
Scan saved at 9:00:31 AM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svcho... Read more

A:Password stealing Trojan Horse?? Trojan Horse PSW.Generic.MYP

No responses....hmmm? Can someone please tell me (PM or in open forum) what I did wrong here? wrong forum, wrong format, or just plain wrong? lol I really would like to solve the issues I'm having related to malware/spyware etc

THANKS
 

RELEVANCY SCORE 166

Hi Techsuportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue screen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the Windows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system... Read more

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?

RELEVANCY SCORE 164.4

Hello, there! First up, I have to mention how glad I am at coming across this amazing forum. I have a problem so I thought I'd do a Google about what could be done about it. Came across the forum, here, and read through several topics that had virus/malware trouble. Was quite amazed, and very pleased, to see how each topic was dealt with, in such a personal, step-by-step manner giving positive results in all cases.

Anyway, here goes my bit of a kerfuffle........ Downloaded a file which I required. Checked the ZIP file using my AVG Internet Security 2011. All was fine. Opened up the file and placed on my desktop temporarily. Inside the file were the setup.exe and other files I required. On opening one of them (the setup.exe was fine, by the way, and was exactly what I needed) a Malicious Threat warning popped up from my AVG. I had AVG deal with it but now this important file had vanished! I had to re-download the ZIP file again. This I did and followed the same procedure as outlined previously. Yet, again, the AVG popped up! Same thing happened. By the time I downloaded the third time the file was allowed upon my decision: Yep, you guessed it............! The file opened for a split second and then it vanished again. It was late at night so I left everything and turned off the PC until the next day. When I started my PC this is when I noticed I had a problem: Very slow start (about 3 minutes), HDD chattering away for... Read more

A:INFECTED WITH MULTIPLE THREATS: Trojan Horse Agents, Crypt, Generic 26 and 27 as well as Backdoor

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these steps

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in

%TEMP%\smtmp&... Read more

RELEVANCY SCORE 164

The alert of this trojan horse infection keeps appearing whenever I try to access my drives through "My Computer". Even though I click on move to vault, this problem persists repeatedly.

I have run AVG, scanned and removed to vault but the problem persists.

I tried to access and delete the file C:\WINDOWS\system32\winxp.exe but the file reappears each time I click on the C drive in "My Computer" too!

This process name is stated each time the threat is detected
Process name: C\WINDOWS\system32\wscript.exe

I would really appreciate if anyone out there can help me on this. Thanks a million.


========================================================




DDS (Ver_09-10-13.01) - NTFSx86
Run by Charles Kho at 1:19:25.96 on Wed 10/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2568 [GMT 8:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGR... Read more

A:HELP! Trojan horse BackDoor.Generic9.MQL

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

You have an autorun worm onboard. These are typically transmitted via USB flash drive, or other USB devices. Please ensure any USB key recently used is inserted in the machi... Read more

RELEVANCY SCORE 162.8

I have been having problems signing onto MSN Messenger: it just keeps on telling me that my connection is lost, and I just could not sign in onto it! I have tried using Trillian to sign in instead, but it doesn't work. AVG and Norton Antivirus tell me that I have the virus Trojan horse backdoor generic7.fnt, however, both programs could not help me remove the virus; apparently, permission is denied. I have tried googling said virus, but there aren't many results returned. I am using Windows XP.

Please do help me, I am at wits' end!
Thank you for your kind attention!
 

A:Trojan horse backdoor generic7.fnt

Hi and welcome to TSG,

Click here and then scroll down to and click on hijackthis self installer to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

RELEVANCY SCORE 162.8

I am sick and tired of this Trojan attacking my computer over 50 times a day. Every 10 minutes I am removing the damn thing by AVG and Ad-Aware.

I know there have been previous problems with this by others, but can someone help get rid of it in easy terms.

Also, is it possible to track this thing to its source, so I can make a personal visit with my gun. I just want to show the bastards behind this thing what the ramification of their action can be. Who knows, maybe the news will stop others from this goddamn intrusive practice.

Yes, the gun will be loaded.

In the mean time, can someone help get rid of the Trojan once and for all. My computer is down to crawling.

A:Trojan Horse BackDoor.Generic7.HYA

Please carry out these instructions...


http://www.techsupportforum.com/secu...sting-log.html

RELEVANCY SCORE 160.8

To Whom it may concern. On July 9th AVG Free Edition found the virus JS/Psyme, which it was unable to heal, and since then I have received numerous Trojan horse Generic 10 viruses that AVG states it healed but that continue to hamper the performance of my computer (Generic 10. BDVA, BEIA, BEWK, BAZL, BCCW, BVRB, BCQA, BCPW & Generic 7.SOQ & Agent AHMX). I'm totally out of my wits here and I need some help. Thanks in advance

Deckard's System Scanner v20071014.68
Run by Jean Marc McLean on 2008-07-27 11:25:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 4 Restore Point(s) --
4: 2008-07-27 15:25:32 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-26 23:00:59 UTC - RP3 - System Checkpoint
2: 2008-07-24 03:36:00 UTC - RP2 - Software Distribution Service 3.0
1: 2008-07-24 01:23:07 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-27 11:31:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32&... Read more

A:Infected With Trojan Horse Generic 10 Bewk And Other Generic 10 Trojans

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

NEXT

Please visit below webpage for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Regards
fenzodahl512

RELEVANCY SCORE 159.6

Greetings!

After working on trying to help my webmaster clean up a new site design, I went to hibernate my laptop to move into the bedroom. It hadn't finished by the time I made the short trek, so I left it on the bed. When I returned, it wouldn't power on, but when I plugged it into the power supply, it booted up fine with a message about plugging it in so I didn't lose any files - the message you get just before the battery dies. At the time, didn't see any issues. I chalked it up to user error on my part even though I'd clearly seen the window indicating the laptop was about to hibernate.

About an hour later of working, I went to hibernate the laptop again and discovered that it wouldn't let me do so. It displayed the 'about to hibernate' message and then came back with the desktop. At the time, I looked at the task manager and didn't see any programs I had running/open, so I tried hibernating from there. Same message. The laptop eventually let me shut down through the task manager. Doing so from the Start Menu only brought me back to the desktop after the initial 'hibernating' message.

The following day, I noticed that when I clicked any link in Google, it redirected me to various search engine sites and then some porn sites. I tried running a virus scan at that point and I couldn't bring up AVG. I disconnected from the internet (I have wireless; I just disabled the radio), pulled it up in safe mode and ran the AVG co...

A:Trojan Horse 'generic', Trojan Horse 'Cryptic'

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


Hi,
My computer has really slowed down ever since I got these viruses. It also crashes randomly and gives me a blue screen. I tried to do a system restore but failed. Bitdefender 2011 keeps on telling me that it's blocking a virus called "Trojan Generic" and also another one called "Trojan Horse" but the box keeps on popping out every 10 seconds or so. I have scanned my computer with HijackThis and will post the results below. I will appreciate any suggestions anyone out there has since I've tried on myself for a week to remove it with programs like Malwarebytes, Spyware Doctor (actually bought it 2 days ago but it did nothing), Bit Defender 2011, AVG 2012, and have failed to remove it. Thank you for your time!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:35:09 PM, on 10/3/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Gabriel DLT\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)...


Hi Guys,

I've had a virus on my computer for 2 months now but can't remove it. Norton says it's trojan.cachecachekit and AVG says it's trojan horse Generic.GM. I've done scans with Panda, AVG, Ewido, Stinger, Spybot, Ad-Aware SE, CCleaner in both safe mode and normal mode but nothing seems to work. It SEEMS once the system boots up it re-installs itself. The popups are so bad I can't even work on the computer. If I wanna work then I need to disable my anti-virus shield. My laptop is a dual boot system (win 2000 pro and win xp). So far I only see problem with win 2000. Win XP seems to be fine. I have a wireless network at home but this virus was caught while I was away from home. I have tried suggestions from other forums and Symantec but so far nothing has worked. Now either it's re-formatting the HD or you guys. Pleaaaaaaaaaase don't make me re-format my HD. Thanks for all your help in advance.

Here is the most recent Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:40 AM, on 12/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PRO...

A:Infected With Trojan.cachecachekit / Trojan Horse Generic.gm

Fix these with HJT - mark them, close IE, click fix checked

O4 - HKLM\..\Run: [Microsoft IIS] D:\WINNT\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Autowxckn] autowxckn.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Autowxckn] autowxckn.exe
O4 - HKCU\..\Run: [Microsoft Windows Autowxckn] autowxckn.exe
O23 - Service: File copy caching service (cpy) - Unknown owner - D:\WINNT\cpy.exe
O23 - Service: Mod Libary (modlb) - Unknown owner - D:\WINNT\modlb.exe (file missing)

=================

Click Start > Run > and type in:
services.msc
Click OK.
In the services window find File copy caching service
Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
Repeat for - Mod Libary

=============

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for c...


I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't (that is, until you scanned with their program and it would take control of your computer at the worst of times). The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried. Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou...

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...


Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *E...

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please


Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


I went away for a couple days, came back and found these. AVG can't remove them, says they're whitelisted. Symptom is, every time I try to google the file names I get redirected, and I keep getting a windows security asking if I want to unblock stuff.

Thanks, Tom

A:"Trojan horse generic22.BEWG" and "Trojan horse BackDoor.Generic13.BKVZ

Looks like you have a redirected infection. Have you tried running Malwarebytes yet?


I have 2 trojans, Trojan horse Generic5.GUH, Trojan horse BackDoor.Agent.IQL, would like to remove. I have external hard drive. Could not run the online scans except stinger, house call made a loud bleeping noise? Laptop used for sensitive stuff, banking etc. Will change passwords on other machine.

Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:43 PM, on 24/07/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\eh...

A:Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Hi mrpugowski,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.


Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~...

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok. We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


Both of these trojans found through AVG. First, Backdoor.Generic11.BBDE a couple of weeks ago, now Crypt.HOS. All moved to Virus Vault except for file c:\windows\system32\drivers\asyncmac.sys; AVG states object is white-listed (critical system file not to be removed). I Googled to research these and it's made me worried/paranoid about all the banking and bill paying I do online. One site said to change all passwords via another computer. Should I? I've gone through my Add/Remove Programs and do not see anything unusual installed.

I have a Dell Desktop Dimension 2400 40GB hard drive, 1 GB RAM, Windows XP Pro Version 2002 SP3, Intel Pentium 4 2.66 GHz.

I installed, uninstalled, and reinstalled three times Malwarebytes Anti-malware and keep getting "Error 703, 0, 13".

My Hijack This log follows. Any help and advice is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:01 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a....


Edit: Trojan Horse BHO.HJE infection post Trojan horse generic 12 infection (by post I mean after)

Trojan Horse BHO.HJE infection AFTER Trojan horse generic 12 infection

I have resolved or am in the process of resolving this trojan horse generic 12 infection when AVG informed me that I now have trojan horse BHO.HJE. I ran a malwarebytes smart scan and nothing found. Here are the results of HJT scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:02 AM, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin&...

A:Trojan Horse BHO.HJE infection post Trojan horse generic 12 infection

Hi sharma10,

Welcome to the BleepingComputer forums.

We apologize for the delay in responding to your request for assistance. Every one of our team members is a volunteer and unfortunately, there are often just not enough to keep up with demand. Thank you so much for your patience.

If your issue has been resolved or you have received help elsewhere, please post a reply here and let us know so that we can close this thread.

If you still need assistance, my name is SpotCheckBilly (SCB for short) and I will be happy to help you.

===Very Important===

The instructions in this thread have been specifically designed for THIS USER'S MACHINE ONLY. You should not use these instructions to clean your machine. Doing so could cause irreparable damage to your machine. If you need assistance, please start your own thread.

=================

A few things which will make our fix go more smoothly.

Please >> DO NOT << run any scans/tools or other fixes unless I ask you to.
Please DO NOT install any software while we are working.
Please Do not skip any steps. With some infections skipping a step can be disastrous.
If there is something you don't understand or are unsure of -- please stop and take a moment to ask about it.
If you are running P2P filesharing program(s). My recommendation is you uninstall it/them.
Remove any cracked/pirated software. I will immediately stop helping you if I discover any.
The most important thing to remember is to be patient. Very seldom can we remove the ...


I currently keep getting a Trojan Horse Generic5 virus, need help removing. I have used AVG, Spybot and Adware but still having problems... along with random pop ups (not sure if part of the virus or not). Please help, here is my Hijackthis log

Thanks



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:35:14 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Documents and Settings\Kristopher\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.....

A:Trojan Horse Generic 5 please help

cleaned up a few things but here is what i still have

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:58:56 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Kristopher\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVers...


Hi, first of all Merry Christmas and many thanks to this fantastic site for some suggestions I caught surfing the net. Computer Pro gave some solutions to the problem on the topic. It seems that this trojan horse generic 16.BVN attaches windows and using installer.exe introduces every minute high risky infections which I removed constantly with AVG free. But the problems remained, because AVG doesn't recognize any threat. Following Computer Pro suggestions on topic http://www.bleepingcomputer.com/forums/t/280852/trojan-horse-generic-16bvn/, I downloaded Malwarebytes Anti-Malware 1.42 version and completed the scan of my laptop and removed the infections and restarted the computer (I use WindowsXP and mozilla firefox). Now it seems all the problems are solved. But Computer Pro suggested in the above topic to follow with ATF Cleaner and SUPERAntispyware in that case. What in my case? See the MBAM text coming from the Malware Anti-Malware launch:

Malwarebytes' Anti-Malware 1.42
Database version: 3429
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/12/2009 21.35.42
mbam-log-2009-12-25 (21-35-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 194949
Time elapsed: 1 hour(s), 18 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicio...


while opening c:\windows\system32\rdriv.sys i get a virus detected warning..

(Moderator edit: log post moved to HJT Team Forum for analysis and Member help. jgweed)

here is my hjt log

Logfile of HijackThis v1.99.1
Scan saved at 7:06:31 PM, on 3/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\sd...

A:Trojan Horse Generic.gm

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.


Hi, I have been a few weeks with no virus protection at all. I was getting email bounce-backs from my university email account saying the messages I sent weren't deliverable. I never use my university email account. Also, tonight Gmail shut my account down briefly, saying it was for violating terms of use; one way to do that was to be sending lots of emails. My university recommended running a virus scan when I called about the bouncing emails. I downloaded AVG free edition and ran the scan. It found a Trojan Horse Downloader.Generic.8.BEAE and placed it in the virus vault. This was in my downloads folder - I have been downloading all kinds of things lately for school, so I'm not surprised. I clicked on delete, and it is no longer there. I'm worried that this was not an effective fix after reading some of the entries here, so I'm wondering if someone can help me figure out how to make sure this virus is off of my computer?

Thank you!

Below is the HJT log as per instructions for this forum.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:31 PM, on 8/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr....

A:Trojan Horse Generic 8 and HJT log

Bump
 


Hello

Windows XP Home Edition

Ref: PSW Generic 5.BSY

AVG detected this Trojan this morning and it's isolated in the Virus Vault.

Apparently, from details given by AVG, it's not able to be "healed".

Do I leave it in the Vault, or remove it? I presume AVG has removed it from wherever it was lodged.

Thanks for your advice.

Penny
 

A:Trojan Horse PSW Generic 5.BSY

Anyone any ideas about this, please?

Penny
 


AVG detected trojan horse generic6.jwp on my computer, it won't allow me to move to virus vault or heal. It continues to pop up and seems to change file names. Do I need to run hijack this and post the log on here or is there a program I can download to fix this problem?

A:trojan horse generic 6.jwp

Many AV vendor names of infections are of little relative value in assessing the true nature of the infection.

Does AVG give a location along with the name?

I'd advise you follow the procedures outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Today I've encountered a Trojan plus some worms that AVG detected. AVG Resident Shield Alert has detected Trojan Horse Generic 16.GIL found in system32\logon.exe ; a worm in system\32\drivers\aec.sys and the same worm found in system\32\drivers\asyncmac.sys

Currently my laptop's entire background has been replaced with a green screen with a black box saying "SYSTEM IS INFECTED! System has been stopped due to serious malfunction." Two fake virus scanners have planted themselves onto my taskbar, one being a red stop sign with a white X and one being a shield with the red, blue, green, and yellow colors. Ran AVG and it says it's moved the Trojan Horse Generic 16.GIL to Virus Vault, but has nothing regarding the worms.

Fake pop ups are coming up with Internet Security 2010 wanting me to download this/that for spyware etc.

My HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:56 PM, on 12/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.e...

A:Trojan Horse Generic 16.GIL

Apparently my system cannot execute Malwarebytes, downloaded it, uninstalled, downloaded again and it says the shortcut has been changed or moved, and prompts me to delete the shortcut.

Edit: Also cannot access task manager
 


AVG anti-virus scan found Trojan horse generic3.GOH ...mswinsck.ocx and put it in the vault.
Is this real or a false positive?
If it's a problem...should I not send e-mail til it's corrected?
 

A:Trojan horse generic 3
