Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Q: Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Hello! I am so new to all of these! I already searched for the removal of these viruses and read in a lot of forums. All of these forums have logs, etc. involving the precious system files. I don't even understand the logs and I have read instruction on how to remove these but they do not guarantee anything. I am afraid that the PC might malfunction and be sent to the Repair Shop again. (It just got sent 4 days ago) I ran Malwarebyte's Anti-Malware and scanned my computer and found 46 infections. It shows the option that removes the selected files but I'm afraid because these files are categorized as 'Registry Keys, Registry Values, Memory Modules, and Registry Datas'. Should I delete them anyway?

And so, I want a professional, expert, etc. in all of these since I am such a sucker to all of these virus removal stuff.. I want that pro to walk with me through all of these. From the very first step to the very last and that is when the virus will be wiped out.. Please help..

A: Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Please copy/paste the MBAM scan log for us to review.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked: "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware". Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab: make sure the "Perform Quick Scan" option is selected, then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Read other 10 answers
RELEVANCY SCORE 185.2

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here.
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

Read other 12 answers
RELEVANCY SCORE 158

I have been having a huge problem for the last 3 days with trojans popping up and coming back. Everything is loading so slow and I keep getting not only popups but videos that pop up and I keep getting fake security warnings. The first day they were popping up I was getting notices from AVG which I clicked to heal them. I am no longer getting notices although scans of AVG and Malwarebytes both show the trojans. I can scan and heal with Malwarebytes every 2 minutes and I will have something new in there. Evidently the fix is only temporary. I have tried to manually clean the files out of my registry but that doesn't seem to fix it either. I am at the end of my rope here with ideas on how to fix it. I would so appreciate any help you guys can offer. I also tried to fix it using VundoFix but it didn't see anything on my comp.

Here is a copy of my Hijackthis log and Malwarebytes log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:57 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Read other answers
RELEVANCY SCORE 157.2

Edited to add information from another topic that will be shortly deleted. ~ OB

I had a quick question before I start backing up all my personal/doc/data/photo files. I have an external HD for backup, connected by USB. I haven't turned it on or backed anything up for a couple months (I know, lazy), so hopefully it hasn't had a chance to have any infected files on it yet. If I turn it on while it's still connected to the infected computer, what is the chance the virus/trojan will transfer to the external hard drive? And along the same concept, if I start copying over photos and other personal files to the external hard drive, how do I know I'm not copying over the virus/trojan with it?

End of added information. ~ OB

My computer is an HP, AMD Athlon 64x2, 1.0GB RAM, WIN XPsp2 desktop that was infected with lots of virus/Trojan/adware/malware. It's mainly for home personal use (our only computer) but I also telecommute for work sometimes. I haven't been able to back up all our personal files, so I'm trying to avoid rebuilding the whole machine if possible.

I've already run, cleaned infected files and run again and received a clean slate now from Avast!, MBAM (quickscan) and SuperAntiSpyWare (complete scan).

Here's my original post in the "Am I infected?" forum: http://www.bleepingcomputer.com/forums/t/192399/win32monder-gbtrj-win32trojan-genother-adwarepopcap-trojanvundo-trojanagent-and-more/

The computer seems stable now. I can load up the computer without a problem. But after reading this forum and the ... Read more

A:Seneka Rootkit, Monder-GB, Trojan.Vundo, Adware.PopCap, Trojan.Agent, Malware.Trace

Hello, Lex H to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

Please give me some time to look over your computer's log(s).

Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

We need to scan for Rootkits with GMER

Please download GMER from one of the following mirrors:
This is the Primary mirror
This is a Secondary mirror
This is a Secondary mirror
Close any and all open programs, as this process may crash your computer.
Unzip the downloaded file to your desktop.
Double click on your desktop.
Allow the gmer.sys driver to load if asked.
You may see this window. If you do, click No.
Click on and wait for the scan to finish.
If you see a rootkit warning window, click OK.
Push and save the logfile to your desktop.
Copy and Paste the contents of that file in your next post.

In your next reply, please include the follow... Read more

Read other 13 answers
RELEVANCY SCORE 152.4

Hi guys,

I ran a rogue executable sent to me by a friend and knew immediately that something was awry.

SYMPTOMS
- Computer bogged down immediately and i saw i was infected with the Nmehaa.exe process (which i ended).
- Received repeated warnings that Spoolsv.exe was trying to access secure files (selected no)
- Received repeated warning that internet explorer wasn't executing script properly and prompted to continue running script. I don't use IE, just firefox. I selected no repeatedly, then accidentally hit yes, which resulting in my google links being hijacked and sending me to shopping pages within firefox.
- could not run malwarebytes anti-malware OR Superantispyware free
- my wireless zero configuration continually turns itself off, meaning wireless network access is nearly impossible
- PC doesn't recognize a plugged in ethernet cable
- my taskbar at bottom has messed up colors (i run a black theme and the taskbar is now black with gray sections)

ACTIONS
- disabled wireless network card
- ran AVG anti-virus in standard mode, which gave a false negative and didn't remove any infection
- attempted system restore several times, to no effect
- found and followed the preparation guide here on bleepingcomputer.com (DDS and GMER files are attached)
- After following guide, i took one more stab at a solution: I downloaded the latest versions of superantispyware and malwarebytes and their latest definitions, transferred them to the PC via USB, and ran them in safe mode after t... Read more

A:Infected with Malware.Trace, Trojan.Agent, Trojan.Downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa... Read more

Read other 9 answers
RELEVANCY SCORE 139.6

Hard drive Sounds Horrible/Apps not Responding/Monitor going Black, to name a few of the things going on. I don't know if my hard drive is dying on my three year old desktop or this is all virus and malware related. I run TrendMicro Internet Security 2008 on my computer. I've run the latest versions of Malwarebytes and HijackThis. I haven't deleted anything because I'm concerned about deleting important files - especially in the Registry Keys. I'm pasting below the DDS.txt as well as the Malwarebytes log - again, I haven't deleted what Malwarebytes found yet.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Marc at 13:55:48.87 on Sat 02/21/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.336 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*


A:Adware.BHO/Trojon.Vundo/Backdoor.Bot/Trojan.Agent/Malware.Trace

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop: Link 1, Link 2, Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will on... Read more

Read other 15 answers
RELEVANCY SCORE 136

Logfile of random's system information tool 1.05 (written by random/random)
Run by Chris Vanderbosch at 2008-12-21 15:56:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (30%) free of 72 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:05 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

A:Infected with Malware.Trace and Trojan.Vundo

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked: "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware". Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab: make sure the "Perform Quick Scan" option is selected, then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may tak... Read more

Read other 4 answers
RELEVANCY SCORE 136

Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:34 PM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

A:Help I am infected my Trojan.Vundo and Malware.Trace

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es... Read more

Read other 2 answers
RELEVANCY SCORE 136

Hello,

I was working on my XP installed Dell laptop a week ago - when all of a sudden I got hit with pop-ups and a security alert.

Computer stopped working properly right after - and the next day I took it to my computer guy.

He was not very knowledgeable and appears to have installed CyberDefender - he said he was able to clean it - but later when he connected it back to the internet the spyware instantly popped right back up.

I took the machine off his hands went home and turned off the wireless card/via the switch and started reading up on Vundo before I found this great website.

Using my Mac, I downloaded and installed via CD-Rom both SuperAntiSpy and MalwareBytes (in regular and safe mode) - which both got rid of most viruses - but when I restarted both Vundo and Trace came right back every time I ran a scan and their logs showed that I cleaned it up - so I am concerned that these bugs keep regenerating and I am afraid that they will grow worse if I reconnect my laptop to the internet.

I am not very savvy but I read that turning off the restore point was essential to cleaning vundo out so I turned that off during my latest cleaning - and it didn't seem to work.

Also I have turned on the firewall as recommended in the posting guide.

Would kindly appreciate any experienced thoughts on how to get these last two Vundo and Trace bugs out of my system.

Thanks!

Posting requested DDS log below:
DDS (Ver_09-01-07.01) - NTFSx86
Run by Teymy.Bahmani at 2:05:05.5... Read more

A:Infected with Malware.Trace and Trojan.Vundo

Hello BobsBigBoy,

Please read this tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!

Please post back with the ComboFix log.

Greetings,
Thunder

Read other 9 answers
RELEVANCY SCORE 136

I need help.... Over the past few days my computer has been getting incredibly slow and popups are going insane. Also somehow my Windows automatic updates has been turned off and I can not turn it back on. Symantec started telling me I have a vmain.class virus and now I am also getting notified of a trojan vundo threat with nmppvi.dll, ssqpjkev.dll, nqihtdux.dll, bqrjxmus.dll, jvmusafe.jar- 6ba32b8b-24c07491.zip. I have worked with garmanma (Mark) and he told me to post in this forum. He helped me by telling me to download Malwarebytes which removed a lot. I then downloaded Vundofix but it did not detect the virus. I ran MBAM again and it detected Trojan.Vundo and Malware.Trace. My previous thread can be seen at http://www.bleepingcomputer.com/forums/t/194757/it-looks-like-im-infected/.

Dan

My DDS is below:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 22:12:57.79 on Thu 01/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.124 [GMT -5:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

A:Infected with Trojan.Vundo, Malware.Trace and who knows what else

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:
Please update Malwarebytes' Anti-Malware and run a full scan. Post the log with your next post.
* Download DDS by sUBs from one of the following links. Save it to your desktop. ... Read more

Read other 2 answers
RELEVANCY SCORE 135.6

The other day got an e-mail from Blizzard (game company) that one of my World of Warcraft accounts was compromised and was shut down for malicious activity. Changed passwords, set up their access system that requires a call from my personal cell phone for any log-in attempts made not from the usual computer. That situation seems okay for now. Prompted me to run some scans, found some interesting stuff with MBAM, namely: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runtime Service (Trojan.Agent), c:\Users\nex\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace), c:\Users\nex\AppData\Roaming\svc\svchost.exe (Trojan.Agent), c:\Users\nex\AppData\Roaming\microsoft\svchost.exe (Backdoor.Bot), c:\Users\nex\AppData\Roaming\winlogon.exe (Trojan.Agent). It seems after another scan most of these except the svchost.exe in the "Users\nex\AppData\Roaming\svc" path have been removed, though they still may be hiding around. I checked and this svchost.exe file mentioned is visible in that folder and recreates itself within seconds after I delete it. Looking to wipe this bugger out any help is greatly appreciated. DDS log is below and Attach.txt supplied. No GMER log as I read that it does not work for 64-bit Windows (I'm on Windows 7 64-bit).
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by nex at 23:36:2... Read more

A:Infected with Trojan.Agent, possibly still Malware.Trace and Backdoor.Bot

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Read other 15 answers
RELEVANCY SCORE 135.2

I recently began receiving more and more pop up ads whenever I go online. I use Norton Internet Security and update it frequently. As well I use Malwarebytes anti malware program which always seems to do a thorough scan but is not always able to delete virus history. I followed the directions from the forum http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ before posting to here. I added Adaware and Spybot and then ran Hijack This.

Recently upon signing in I get a popup from C:\WINDOWS\system32\sstqp.exe saying that Windows can not find this. After I hit OK it then gets another pop up that says under Desktop, Could not load or run C:\WINDOWS\system32\sstqp.exe specified in the registry. Another continuous popup by Windows XP that I get is Microsoft Visual C++ Runtime Library, Buffer overrun detected, Program C:\WINDOWS\explorer.EXE has corrupted the internal state and must now be shutdown.

When I complete scans I continually have Trojan.Vundo, Trojan.Conhook and Malware.Trace showing up on my list of detected threats. I am attaching my log from Malwarebytes and from Hijackthis. Please let me know if there is any info I still need to provide.

Thank you for your help!!!

A:Trojan.vundo + Trojan.conhook + Malware.trace= Disaster

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

RELEVANCY SCORE 134

Avast first alerted me to an infection, which I quarantined, called Win32:malware.gen. I followed some forum info after quarantining the malware which suggested I download Malwarebytes and run a scan. I have done this several times and Malwarebytes continues to find infected .dll files described as TROJAN.HILOTI.GEN, TROJAN.AGENT, and TROJAN.VUNDO.

I followed all the prescribed methods from this website from here: http://www.bleepingcomputer.com/virus-remo...undo-virtumonde

Neither Vundo Fix or VirtumundoBegone found anything. Malwarebytes keeps finding .dll files every time I run it.

Note: I had to rename the mbam.exe file in order to run it. I could download it, but it wouldn't run unless it was named something else.

I am now following the instructions from here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Note: I can not run GMER without my machine crashing so I can not attach the required ark.txt log. Finally, once when running MBAM my Avast kicked up a warning that it had stopped malware from executing and gave the reason that Malwarebytes had triggered it.

I would appreciate any help on this. I'm at the end of my rope. I've been trying to eradicate this for 3 days now. All my important files have been burned on a CD-R so I am willing to nuke the whole drive/OS if that is required.

Thanks in advance and I hope to hear from someone soon.

So I will now post the DDS.txt report as requested a...

A:Infected with TROJAN.HILOTI.GEN, TROJAN AGENT, TROJAN VUNDO

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

RELEVANCY SCORE 131.6

Hello,

I've been trying to get the family laptop back online as it's been out of order for some time (5-6 months). I tried on numerous occasions to get it started and eventually did after putting it into safe mode by repeatedly pressing F8.

I've spent the majority of the past few days updating the laptop's anti virus and other software that I had installed such as Ad-Aware, Malwarebytes and CCleaner. When I did a Malwarebytes quick scan it brought up numerous infections including all of the above as well as something which says Stolen Data which is somewhat worrying.

I could do with getting the computer being system fully cleaned and working again so any assistance would be greatly appreciated please. I've posted the necessary attachments/logs that you require below.

Many thanks,
Marc

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kris at 20:27:42.20 on 26/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1215.662 [GMT 1:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOW...

A:Infected with Trojan.vundo, Backdoor.bot, Malware.trace, Hijack.userinit

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa...

RELEVANCY SCORE 128.8

Hello. I've been having some issues with my laptop as of late. Upon start up of my mother's (but not my own) user acct, the message "Date Execution Prevention: To help protect this computer, Generic Host Process for Win32 Services has been closed by windows" pops up. Svchost then tries to get out to the net, then aborts.

I did my usual scan with MalwareBytes and it picked up on the various viruses, but they keep reappearing upon re-start and re-scanning. Even after being quarantined and successfully "deleted" by MalwareBytes (System Restore is turned off). I've also used Bitdefender and SUPERAntiSpyware in Safe mode, full scan (both failed to detect any of the viruses found by MalwareBytes), but nothing so far has licked it.

Included is my DDS scan info. Also included for additional info is my MalwareBytes log (hope that's ok!). Thanks in advance for any and all help

DDS (Ver_09-05-14.01) - NTFSx86
Run by Michelle at 7:07:20.78 on Tue 06/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.98 [GMT -4:00]
AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS ...

A:Infected w/ Backdoor.bot, Malware.Trace, Stolen.Data, Trojan.Spambot, Hijack.UserInit, Trojan.Agent

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 126.4

I have gotten Trojan.Ertfor, Trojan.Zlob.H, Trojan.Downloader, and Malware.Trace and I just can't seem to get rid of these Trojans. I have ran Malwarebytes' Anti-Malware program (did not get rid of these, and came back). I also did a manual deletion of these Trojans (they came back and didn't stay deleted). I will also add the Malwarebytes' Anti-Malware program log of these Trojans. Can I get help on what to do to get rid of these annoying Trojans?
Here is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.38
Database version: 2335
Windows 5.1.2600 Service Pack 3

6/25/2009 4:33:11 PM
mbam-log-2009-06-25 (16-33-07).txt

Scan type: Quick Scan
Objects scanned: 104801
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sdjee3inf.dll (Trojan.Ertfor) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion ...

A:Trojan.Ertfor, Trojan.Zlob.H, Trojan.Downloader, Malware.Trace, OhMY!

Hello and welcome.. Let's do 2 things next, I think we can clear this up.

Run part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You have a good amount of files here. We should do a full scan.....

Rerun MBAM like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select FULL scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

RELEVANCY SCORE 124.8

Hello,

I have downloaded and ran Malware Bytes which finds these viruses on my computer. I have them removed, but basically the same things are still there if I run a scan again. Please help me get these off my computer!

I'm pasting a log of the last Malware Bytes scan I did:
Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 3

1/6/2009 6:44:54 PM
mbam-log-2009-01-06 (18-44-54).txt

Scan type: Quick Scan
Objects scanned: 60703
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pcjhem.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab568909-6049-424d-901c-b6676ece7201} (Trojan.Vundo) -> Quarantined and deleted successfully.
HK...

A:Infected with Trojan.Agent, Trojan.Vundo, Trojan.Vundo.H

Hi and welcome to BleepingComputer

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link
DO NOT use yet.

Please download and install SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
Under the "Configuration and Preferences", click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will app...

RELEVANCY SCORE 123.6

I am running Microsoft Security Essentials, Malwarebytes' Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by akparker at 19:54:02 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1066 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e...

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 123.6

Hi,

I run Windows XP SP2 with Norton AV and SSD as active protection on my laptop. Recently, I noticed the computer running extremely slow, along with SSD trying to block some registry modifications I did not understand.

Since, I have run Malwarebytes to try to identify and remove any infections. After a couple of scans, removes and re-starts it now indicates the following as being present in my system which it is unable to remove:

Trojan.Agent
Malware.Trace

It sets them to be "removed on reboot" but is unable to do so. I am continually running in safe mode for now.

Here is my HJT log. I would appreciate your help in getting rid of these. Also appended below is the MAB log.

***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:11, on 4/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\lotus\notes\NLNOTES.EXE
C:\lotus\notes\ntaskldr.EXE
C:\Program Files\UltimateBet\mainclient.exe
C:\Program Files\UltimateBet\aphh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Expl...

A:Trojan.Agent and Malware.Trace - HELP

RELEVANCY SCORE 122

Hi Boopme
Are you here?
Do I need to post everything that I have already posted to you here?: http://www.bleepingcomputer.com/forums/forum103.html
or is someone else going to help me? if so please let me know and I will give details to them.
By the way - this morning before work - I deleted my quarantine folders from SuperAntiSpyware and the logs from my desktop and ran a scan and it didn't pick anything up! But my Malwarebytes will not load again from the task bar when I click on it - it would not let me stop it by right clicking either so hoping it wasn't running a script for the DDS scan? - so I'm afraid my trojans might be back! I was going to run the Rkill one more time - but I didn't
I couldn't run GMER - I have Windows 7 64 bit and it would run but it didn't give me any options to check mark. I was using the 34 bit explorer (does that matter?)
Also the defogger - I'm not sure it worked as it didn't come up for me to click the finish button - it just went back to the little box that says disable? But I did get the DDS logs.
Here is my DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by tamhbrih at 18:15:58.57 on Mon 02/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.802 [GMT -7:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/...

A:Infected with Trojan.Agent/Gen-IEFake, Trojan.Agent/Gen-IExplorer[Fake] & Trojan.Agent/Gen-PEC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'...

RELEVANCY SCORE 122

I would appreciate any help for removing malware.trace and trojan.agent from my computer. Malwarebytes finds the files and I remove them, but they continually show up after I reboot. Here is the log file from Malwarebytes. Thanks again for your help. My computer has become very slow.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4491

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/27/2010 6:23:36 PM
mbam-log-2010-08-27 (18-23-36).txt

Scan type: Quick scan
Objects scanned: 141192
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> No action taken.
 

RELEVANCY SCORE 121.6

Hello and thanks in advance for your time and help.

I first noticed about a week ago that the computer would start up normally, but as windows loaded, it seemed to freeze and I couldn't click or access the start menu. Eventually after restarting a few times it would work normally. Finally this week I noticed that some websites were being redirected from searches and then Malwarebytes would not open. Eventually after researching that problem, I renamed the malwarebytes executable file and eventually got it to open. Malwarebytes detected the following:

Trojan.Agent (C:\Windows\system32\uacinit.dll)
and
Rootkit.Trace (HKEY_LOCAL_MACHINE\SOFTWARE\UAC)

Malwarebytes could not remove them and said it would get them on restart, but they keep coming back. Then the day after Malwarebytes detected these things, the infection became worse. I noticed several copies of iexplore.exe running and also drwtsn32 in the running applications tab of the task manager. I have had to end the explorer and iexplore processes in order to get it to stop slowing down the computer and am now forced to operate the computer through the task manager rather than the regular start menu and desktop.

I don't really know what to do to remove these pests. This is my work computer so I cannot go on like this, but I also do not want to cause any more damage. Please help!

Here is my last malwarebytes log:

Malwarebytes' Anti-Malware 1.37
Database version: 2249
Windows 5.1.2600 Service...

A:help! infected with TROJAN.AGENT & ROOTKIT.TRACE

Hello

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/232951/trojanagent-and-rootkittrace/

We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:
1) Have this thread reopened and the HiJack This log topic deleted
OR
2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made yo...

RELEVANCY SCORE 120.8

I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

Microsoft Security Essentials pops up during the scan with the following infection:

Trojan Downloader: Win32/Unruy.D
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB

I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Phillips at 14:21:21.10 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]
AV: Microsoft Security Essentials *...

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 120.8

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 501 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
Hard Drives: C: Total - 57223 MB, Free - 21471 MB;
Motherboard: FUJITSU, FJNB1B5
Antivirus: Symantec Endpoint Protection, Updated: No, On-Demand Scanner: Enabled

I run Malwarebytes and continually get the following:
Trojan.Agent File C:\Documents and Settings\1000ApplicationData\torrent.exe
Stolen.Data File C:\Documents and Settings\1000ApplicationData\key
Malware.Trace Registry Key HKCU\Software\VB and VBA Program Settings\SrvID

I clear them and they are back right away.
Here is the hijackthis.log information:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:01:09 PM, on 9/2/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\system32\EMSService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cis...

A:Trojan.Agent, Stolen.Data, Malware.Trace

Is there any other information I need to supply?
 

RELEVANCY SCORE 120.8

Hi,

I have contracted Malware.Trace and Trojan Vundo (not sure if these are the only infections, and whether these two should be treated separately). I have tried nearly everything, scanned with AdAware, Malwarebytes, etc. On one occasion they found infections, on the other they didn't, but computer is slow, and suffers from numerous popups. I have also tried Symantec's tool 'Fixvundo' but it was unable to find the infection. What's more, automatic Windows Update was switched off, and I couldn't turn it back on, however with the help of 'Fixwareout' the symptom disappeared, but not sure what the underlying cause was and whether it was rectified. I have also combofix log ready to publish. However, below, according to instructions, I am only pasting RSIT (according to Kaspersky online scanner, there are no infections, empty report), hoping you will help me to cure my machine and ensure it is free of any infections.

Thanks and look forward to your reply.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2008-12-23 14:19:28
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 17 GB (45%) free of 38 GB
Total RAM: 751 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:05, on 2008-12-23
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogo...

A:Malware.Trace and Trojan Vundo

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other w...

RELEVANCY SCORE 120.8

Hi everyone.

i've recently been infected by trojan vundo and malware trace.
it seems to have been removed (i've used f-secure online scan, superanti spyware, MBAM, Spydoctor)
but spydoctor keeps bringing up the following files and says they are of high risk

they are all kept in this location
C:\Documents and Settings\UserProfile\Local Settings\Temp\WPDNSE

these files will not budge and i can't find any processes linked to them,
when i navigate to local settings, windows installer always pops up trying to install something and also a dodgy msn messenger tries to get me to sign in.

i've also noticed 2 invisible files sitting in my recycle bin which won't show themselves or delete

here is my HijackThis log. thanks for any help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:06, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.e...

A:HELP! trojan vundo malware.trace

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you still require assistance for this issue, and since it has been some time since you first posted, please do this:

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

RELEVANCY SCORE 120.8

I constantly scan my computer with Malwarebytes, and I find between 18 to 24 items. I delete these and restart my computer, but when I turn my computer back on and scan, I still find Trojan.Vundo and Malware.Trace. These two cause annoying popups of Firefox browsers (I use Firefox 3). Then the next day, the items that I previously deleted come back and give me phony antivirus software popups such as antivirus 2009, antivirus 360, etc. Please help me.

DDS (Ver_09-02-01.01) - NTFSx86
Run by sandip at 10:13:49.10 on Tue 02/03/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.378 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\QosServM.exe
C:\WIN...

A:Trojan.Vundo and Malware.Trace

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...

RELEVANCY SCORE 120.8

It seems I've unfortunately acquired two rather harmful forms of malware. AVG alerted me of them, but I, at first, ignored because I had no idea where they could have come from, but that proved to be a rather stupid mistake.

Upon downloading Malwarebytes' Anti-Malware, it found 66 infected items, and actually got rid of 64. Unfortunately, "Malware.Trace" and "Trojan.Vundo" are the two that keep popping up every time I perform a scan.

When I jumped to their location, I noticed that they were each in their own registry folders, "MS Juan" and "MS Track System". Spybot's TeaTimer never alerted me to these registry changes either. Nonetheless, no matter how hard I try, I cannot seem to get rid of these two folders and their contents, as they constantly reappear.

Help on how to get rid of these annoyances would be greatly appreciated.

-Diff
 

RELEVANCY SCORE 120.8

I have been unsuccessful in trying to remove the malware in the title and would appreciate any help that is offered. I have run Malwarebytes several times and these two keep coming back. I tried running VundoFix and it did not find anything.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:48 AM, on 1/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINXP\system32\rundll32.exe
C:\WINXP\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINXP\system32\RUNDLL32.EXE
C:\Program Files\...

A:Malware.Trace and Trojan.Vundo

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...

RELEVANCY SCORE 120.8

Hi, I'm having A LOT of trouble removing trojan vundo and malware.trace. MBAM detects and deletes but they both reappear after reboot. Have tried vundo fix, sdfix, dr web, atf cleaner etc. Thanks for any help.

A:Trojan.vundo.h, malware.trace

Hi, I sympathise, I've got the same problem. Had smitfraud, now virtumondo, have tried all sorts: avg, ad-aware, spybot, super antispyware, vundo fix, you name it. Manual removal a bit beyond me so I need an auto fix. I have heard that spywaredoctor gets rid of it but I can't find a working serial number anywhere. If you have any luck in getting rid of it please let me know on here. I've been fighting it for 18 hrs, boo hoo

RELEVANCY SCORE 120.8

My Dell Inspiron 9300 has been hit with some malware. I followed a few of the posts on www.bleepingcomputer.com because I found a few posts that were very similar to my problem. I went and downloaded Spybot and Malwarebytes' Anti-malware. I updated and used Spybot as the forum directed. Spybot found many infected files and registry keys. I finished up the process involved with Spybot but when I repeated my scans to make sure the problems were gone they would re-appear in the next scan even though I was told by Spybot that the problems had been dealt with. I then tried Malwarebytes' Anti-Malware. After updating and scanning, 35 infected/untrusted items were found and dealt with. I scanned again after rebooting and this time only 2 items were detected as infected. So I have 2 repeating little devils, which is much better than the old 35 infected items. My 2 repeating offenders are Trojan.Vundo and Malware.Trace

The post at this link http://www.bleepingcomputer.com/forums/lof...hp/t129477.html is very similar to my problem but I need some 1 on 1 help so I can carry out the same instructions given to user mg99t but for my specific system config. I have found this site very useful over the past 2 days and I have already partially solved the problem by simply reading over this great site. My computer is already behaving better but I want to make sure I finish off the Trojan.Vundo and Malware.Trace for good. Bleepingcomputer.com is definitely worth donating some money too an...

A:Vundo Trojan and Malware.Trace

Please post the results of your MBAM scan for review.

To retrieve the MBAM scan log information, launch MBAM.
• Click the Logs Tab at the top.
mbam-log-2008-10-12(13-35-16).txt should show in the list. <- your dates will be different from this example
• Click on the log name to highlight it.
• Go to the bottom and click on Open.
• The log should automatically open in notepad as a text file.
• Go to Edit and choose Select all.
• Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
• Come back to this thread, click Add Reply, then right-click and choose Paste.

RELEVANCY SCORE 120.8

Apparently, I downloaded a harmful file, and my computer was loaded with malware and spyware, all that wonderful stuff. I removed it all with MBAM, but there are two that won't go away, Malware.Trace and Trojan.Vundo. I've tried Vundo Fix, but nothing will remove them, please help me.

DDS:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Palumbo at 22:11:16.28 on Sun 01/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1208 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:...

A:Malware.Trace and Trojan.Vundo

Hi, and Welcome to BleepingComputer.

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through the instructions before starting to follow them to make sure you understand everything you have to do.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Please download GooredFix and save it to your Desktop.
Double-click GooredFix.exe on your Desktop to run it.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system...

RELEVANCY SCORE 120.8

Various popups come up, both "regular" popups and Winfixer, and my computer is running slowly with frequent crashes. Malwarebytes lists Trojan.Vundo and Malware.Trace. I told MalwareBytes to fix them, and it got rid of some aspects of them, however the Vundo and Trace registry keys are still there. I've tried using VundoFix, however it could not find Vundo. Here is my HijackThis log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Stephanie at 2008-12-15 17:01:48
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 89 GB (75%) free of 120 GB
Total RAM: 1022 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:34 PM, on 12/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\...

A:Trojan.Vundo and Malware.Trace

Hello Keel the Vundo,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

RELEVANCY SCORE 120.4

My parents' computer motherboard went out on them and since their budget is limited right now they opted to go with a computer they had in storage for the last 2 years. I hooked up the computer and started doing updates to it and then installed malwarebytes and it found a few problems when it did the initial quick scan. I also installed superantispyware and it found some other issues as well such as Rootkit.TDSServ-Trace. I ran the scans and cleaned them out as best I could and now I turn to this website for help to help me clean out this pc so it will be safe for them to use.

.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Kevin at 22:08:06 on 2012-02-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.341 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\SYSTEM32\acs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\...

A:Infected system trojan agent and TDSServ-Trace

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...

RELEVANCY SCORE 119.6

hello,

i have run many scanners. they all find something. i have been
reading for days. i am tired and totally confused. looks like they were stealing identity info?
i ran gmer the attached is the one it did, there is also a second one. i do not think you want this one as it is a mile long?

john

DDS (Ver_10-12-05.01) - NTFSx86
Run by john at 22:51:55.63 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2376 [GMT -8:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.ex...

A:Avast / Malware.Trace and Trojan.agent/ Gen-Nullo Short

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 119.2

Hi, I am helping a friend out with his infected laptop. I have run combofix, SB S&D, vundofix and malwarebytes. Running those helped to eliminate a lot of infections found. But the 2 items in the title still show up during the malwarebytes scan after every reboot. Here is a current hijackthis log. Thanks for any help!

David

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:36 AM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\TOSHIBA\IVP\swupdate ...

A:Malware.trace & Trojan.vundo Infection

Hello Stingray11

"I have run combofix"

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Did you install Recovery Console before running ComboFix?

If you have not installed Recovery Console then go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System
Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti virus (Norton Antivirus) and anti malware (SpyBot Teatimer) programs so they do not interfere with the running of ComboFix. Drag the setup package onto ComboFix.exe and drop it.

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

At the next prompt, click 'Yes' to run the full ComboFix scan.

When the tool is finished, it will produce a report for you. Please post the C:\ComboFix.txt along for further review.

RELEVANCY SCORE 119.2

History of my "journey" fighting these 2 viruses:

Last Friday I started having problems with malware detected by Norton AV (Packed.generic.202 and Trojan.Vundo). I tried, unsuccessfully, to remove them using NAV and reading literature on the internet on how to clean the registry

Then I ran SpyBot 1.6 which detected the following threats:
o Virtumonde
o DoubleClick
o MediaPlex
o Zedo
o Statcounter
o HitBox
o WebTrends live
o CasaleMedia
o AdRevolver
o FastClick
o MediaPlex
o BlueStreak
o CoreMetrics
o BurstMedia
o BonziBuddy

I also tried to fix the problem with SpyBot which marked everything as fixed.

But problems kept on coming back especially when using Firefox I got several IE unwanted windows popping up.

Then I got the suggestion from a colleague to install and scan the system with Malwarebytes' which detected the following threats during the first scan:
o Trojan.Vundo.H
o Trojan.Vundo
o Trojan.TinyDownloader705
o Trojan.Downloader
o Malware.Trace


Malwarebytes' fixed some of them but Trojan.Vundo and Malware.Trace are still resident. In fact, I run a Malwarebytes' every night and they are still there even though the program tries to fix it after every scan.

This is the log from KASPERSKY ONLINE SCANNER 7 REPORT:

Wednesday, December 10, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 10, 2008 16:18:28
Records in database: 1450104
...

A:Trojan.Vundo and Malware.Trace Infections

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, ald113. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.

The log you presented had been a few days away. It may not show what it is. In the meantime, please refrain from making any changes to your computer, and please do in the following:

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:
1. RSIT log.txt and info.txt.

RELEVANCY SCORE 119.2

Hi bleepingcomputer gurus,

I started receiving some constant pop-ups, mostly directing my firefox browser (and sometimes IE out of nowhere) to links with the domain sagipsul.com (and I've seen lots of posts in various forums about this same pop-up). I ran Malwarebytes' Anti-Malware, and it found Malware.Trace and Trojan.Vundo, where I always click 'Remove Selected', and the log says, 'Quarantined and deleted successfully'.

But after restarting, and re-connecting to the Internet, I can run Malwarebytes again, and it comes back clean. But, once I perform a search in Yahoo or Google, the pop-ups start coming again, and then sure enough, I can run Malwarebytes and it will find Malware.Trace and Trojan.Vundo again.

Portion of Malwarebytes log:
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Any help is greatly appreciated!!! Thanks so much,
hoosiers23

DDS.txt:
---------------
DDS (Version 1.1.0) - NTFSx86
Run by ###### ######### at 12:30:54.98 on Sun 01/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.971 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe... Read more

A: malware.trace trojan.vundo & sagipsul.com pop-ups

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Hi! I'm an idiot and managed to put this stupid thing on my computer!! Hasn't created any real problems as far as I can see apart from being a major pain in my arse and creating popups and not letting me search google etc (Although I worked around this by renaming FireFox to something else). I can't for the life of me remove this thing - I've been trying for 2 weeks now. I've tried so much stuff. I've now decided to ask for some help.

Hijackthis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48, on 2008-09-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\simone.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\Hijac... Read more

A: Virtumonde/vundo.trojan/malware.trace

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGxUKbX.dll,#1

I'm pretty sure this guy is part of my problem. Although, I could be wrong.

As far as I know it seems I have removed most of it. I've done boot scans and things and only the initial scan found 1 infected file and since then nothing. Upon start up of Windows I scan with SUPERAntiSpyware and Malwarebytes and they keep bringing up Malware.Trace (it links me to the above file).

I have run the scans every time I start windows and remove the files but as soon as I reboot they're back again.


Hello, infected with trojan.vundo and malware.trace which is causing very random popups only when I'm online. Originally infection was about 3 days ago. Used Ad-Aware and AVG then, which got rid of what seemed to be all of the infection at the time. Popups continued; rescanned with both again, neither found anything. Found Malwarebytes' Anti-Malware online, which finds 2 files anytime I run it, removes files but they always return. Malwarebytes is the only program that actually finds anything right now. Ad-Aware and AVG don't detect anything when I scan with them. I have scanned with all 3 in safe mode as well.
DDS (Version 1.1.0) - NTFSx86
Run by Cody at 2:46:50.46 on Sat 01/03/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1481 [GMT -8:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS.3\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.3\System32\svchost.exe -k netsvcs
C:\WINDOWS.3\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS.3\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS.3\System32\CTsvcCDA.exe
C:\WINDOWS.3\system32\nvsvc32.exe
C:\WINDOWS.3\SYSTEM32\USRmlnkA.exe
C:\... Read more

A: Virtumonde/Trojan.Vundo/Malware.Trace

Hello PavorNocturnus and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.
Link
Link
Link
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be foun... Read more


Hi Mike !

Don't know what happened !! My windows starts normally, after selecting the user, it displays ' loading personal settings'.. After that getting an error ' userint.exe application error' . Reference memory problem. Then it shows my desktop without any Task bar/Status bar and all the icons on my desktop are not displayed. I am accessing the explorer through Task manager using Ctrl+Alt+Del ..

Let me know whether this is a virus infection or some problem with windows registry.
thanks
clement

A: Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BC

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj... Read more


Hi,
Malwarebytes Anti-Malware reports Malware.Trace and Trojan.Vundo. I've used Spybot S&D, AVG, CounterSpy and it keeps coming back... Please can somebody help me sort this out? Thanks

Here's the DDS log

DDS (Ver_09-01-07.01) - NTFSx86
Run by trncd at 17:23:41.95 on 18/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1982.1088 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe
C:\Program Files\abit\abit uGuru\AirPaceWifi.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Kontiki\KService.exe
C:\Progr... Read more

A: virtumonde Malware.Trace Trojan.Vundo infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please update Malwarebytes' Anti-Malware and run a full scan and post the logs with the DDS log.

* Download DDS by sUBs from one of the following links. Save it to your desktop. ... Read more


Hello,

I am using Windows XP, Version 5.1, Service Pack 3

A few days ago my computer was infected by a virus. I noticed this when I started getting porn popup ads and after investigating further I noticed my security settings were turning themselves off (automatic updates and virus protection). I am currently using PC Tools Antivirus (free) and it did not track the virus. I also use Crap Cleaner frequently, and it did not track the virus.

I lurked these forums and performed the basic steps to have this removed. I downloaded Malware Bytes, updated, removed the infections (one of which was the Virtumonde.prx virus), and was given a false result saying my computer was clean. After that I downloaded and ran Vundo Fix and was also given a false result. Same story with VirtumundoBegone.

I downloaded SpyBot S&D and ran that, it tracked and traced several problems which I removed and it seemed to run faster. I also downloaded AVG free and Secunia PSI. I removed all old Java updates and now have the current version. After using all those I ran Malware Bytes again updated, did the full system scan, and the Malware.Trace and Trojan.Vundo were there. I removed them and Malware Bytes said they were gone. But they're not.

Every time I restart my computer a virus comes back. Today my computer tried to do an automatic update and when it went to restart, a blue screen came up with warnings and went off too quickly for me to read it. When it restarted I was able to... Read more

A: Unable to remove Malware.Trace and Trojan.Vundo

Hello and welcome, it makes life easier for us if we can see the scan logs so we can be sure of the next step. Vundo Fix and VirtumundoBegone are pretty much outdated now. So I will ask you to do 2 things next.

Rerun MBAM
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete"... Read more


Hi. I appreciate you taking your time to help. I recently downloaded a Yahoo Messenger. Later on I decided that I didn't need it so I uninstalled the program. After that I opened Firefox and noticed strange pop ups continuously coming up. Strange blank pages with long URLs ending in Superjuan, I realized it must have been a virus of some kind.

After some advice I:
Downloaded Malwarebytes.
Performed the required Updates.
Performed a Full Scan.
Removed the infected files.

After that I received a message that said something along the lines of 'Not all of the files could be removed, and they will be removed upon restart.' and received this log after restart.

Malwarebytes' Anti-Malware 1.33
Database version: 1747
Windows 5.1.2600 Service Pack 2

2/11/2009 3:30:17 AM
mbam-log-2009-02-11 (03-30-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 89292
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qtsloiwg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUlMdEX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mumurp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddcCssRL.dll (Trojan.Vundo.H) -> ... Read more

A: Problems. Trojan.Vundo MS Juan Malware.Trace, Please Help.

As the log posted in the above post is an MBAM log, I am moving this topic from the HiJack This forum to the Am I Infected forum. ~ OB


Decided to check the family computer as nobody else does, and found a fair of these creeping around. As much as I try to tell the less tech savvy and computer safety knowledgeable of the family, they don't seem too sure on what's good and what isn't.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by john at 15:21:17 on 2014-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4085.2437 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Progra... Read more

A: trojan vundo malware.trace and many PUPS found.

Good evening.
Can you tell me what you scanned the PC with that found the above nasties.


Hello,

I am infected with a nasty trojan. I have tried to clear it up with all kinds of removal tools with no success! I have tried Spybot, Ad-Aware, my antivirus..Bitdefender, and Malwarebytes. Malwarebytes seems to be the only program picking it up now and says I have trojan.vundo and malware.trace in my computer. When I press the fix button it says it has quarantined and removed the infection. When I go back to use Firefox, or Explorer, the pop ups keep appearing and eventually antivirus 360 comes up again as well. Nothing has worked please help!!!!

Here are my logs.
DDS (Version 1.1.0) - NTFSx86
Run by Daniel Beam at 12:01:41.09 on Sat 12/27/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.939 [GMT -7:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Apple\Mob... Read more

A: Antivirus 360/Trojan vundo/Malware.trace infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more
