Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Q: Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

I have 2 trojans, Trojan horse Generic5.GUH and Trojan horse BackDoor.Agent.IQL, which I would like to remove. I have an external hard drive. I could not run the online scans except Stinger; HouseCall made a loud bleeping noise? Laptop used for sensitive stuff, banking etc. Will change passwords on other machine. Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:43 PM, on 24/07/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Windows\system32\taskeng.exe
C:\Windows\system32\pcalua.exe
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9PN1Q9K\stinger[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3FCD910-C98B-48FF-B6CA-F06E19E7FE79}: NameServer = 203.2.75.132,198.142.0.51
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe

--
End of file - 9995 bytes

A: Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Hi mrpugowski,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.


Hi, thanks for taking a look, AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH I have no idea how dangerous these are I think they have been on my laptop for a week or so.
How do I remove them?
Many Thanks
MrP
 

A:AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH

bump
 


Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more


Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


Hi!! I am new to this but I need some help, my pc is infected with this Trojan horse, My AVG7.5 cannot remove it & my advance spyware detector cannot see it, and now my pc keeps rebooting itself. Please can someone help me remove it?
My log:
Logfile of HijackThis v1.99.1
Scan saved at 1:00:32 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\retadpu1000627.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Mic... Read more


Please help me as I am infected with this virus Trojan horse PSW.Generic5.vxd. I am running AVG Free version 7.5.519. It has detected that the file C:\WINDOWS\System32\ccfgn.dll is infected with it. I cannot get rid of it using AVG, so this is where I have come for help. At this point I am not seeing any symptoms of this virus, but then again, I don't know what it is doing. Here are my two .txt files from running DSS. I have attached the "extra.txt" file after the main.txt post.

Main.txt
Deckard's System Scanner v20071014.68
Run by General on 2008-04-12 12:45:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-04-12 19:45:45 UTC - RP130 - Deckard's System Scanner Restore Point
3: 2008-04-12 19:41:36 UTC - RP129 - Software Distribution Service 3.0
2: 2008-04-12 04:41:33 UTC - RP128 - System Checkpoint
1: 2008-04-11 03:19:44 UTC - RP127 - Installed Java(TM) 6 Update 5


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as General.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:46 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Norma... Read more

A:Infected with Trojan horse PSW.Generic5.vxd

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.


O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsf23.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: superiorads browser optimizer - {c66fbb14-2761-8a0e-055c-c845e41c66f0} - C:\WINDOWS\system32\{6d8eb07f-8e1d-e4bd-c530-c45a15ee5836}.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6d8eb07f-8e1d-e4bd-c530-c45a15ee5836}.dll" DllInit

Reboot....

===========================

Copy the bold text below to notepad. Save it as fixreg.reg to your desktop.
Be sure the "Save as" type is set to "all files"
Once you have saved it double click it and allow it to merge with the registry.



Quote:





REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c66fbb14-2761-8a0e-055c-c845e41c66f0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spa_start"=-




=================================


Download The Avenger by Swandog46 from here.
Unzip/extract it to a folder on your... Read more


Hello!
Nod32 discovered trojan horse generic5.hzf. It was in files of some PC game. I removed the game and deleted all its files.

Then I did a Panda scan. Here's the result:


Incident Status Location

Adware:adware/cws Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

And here is hijackthis log:

Deckard's System Scanner v20071014.68
Run by User on 2008-03-03 23:48:35
Computer is in Normal Mode.
---------------------------------------------------------------------------... Read more


Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *E... Read more

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please


have a problem with pop ups recently. Have tried to clean it out but it is not working for me.

AVG finds Trojan horse collected11.B and trojan horse Generic5.GQ.

I ran VundoFix and was able to heal mllmm.dll

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was c:\windows\system32\mllmm.dll

The second filepath entered was c:\windows\system32\mmllm.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------
Killing PID 372 'smss.exe'

Killing PID 1544 'explorer.exe'
Killing PID 1544 'explorer.exe'
Killing PID 576 'winlogon.exe'
Killing PID 576 'winlogon.exe'
Error 0x5 : Access is denied.

--------------------------------------------------------------------------------------

c:\windows\system32\mllmm.dll Deleted sucessfully.
c:\windows\system32\mmllm.* Deleted sucessfully.

Fixing Registry
----------------------------------... Read more

A:Trojan horse collected11.B and trojan horse Generic5.GQ

If you have vundofix, remove it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes
====================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control ce... Read more


Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.


Hi guys,

I keep getting the AVG resident shield giving me a message saying that it has found the above virus in C:\WINDOWS\system32\sql.dll. The problem is I can't find the file on the computer!
I have view all files enabled and it's blatantly not there.

Any ideas?

TIA

Jimmy
 

A:Trojan horse BackDoor.Agent.BA sql.dll


We have a new computer and I have downloaded adaware and AVG and ran it.

We are still getting a pop up from AVG Resident Shield every time we get on that says:

C:\Windows\system32\sqlldl.doll

Trojan horse BackDoor.Agent.BA

It won't let you quarantine, delete or heal it.

I saw a similar post on this, but did not even begin to understand it.

I was hoping someone could give me some "baby step" instructions on how to take care of this.

Thank you for any help.

It is Windows XP
 

A:Help with Trojan horse BackDoor.Agent


My Operating System is 98 SE. I have a trojan horse virus. AVG names it Trojan horse BackDoor.Agent.PTX. It is stored in my C\Windows\TEMP folder. How do I get rid of this?
 

A:Trojan horse BackDoor.Agent.PTX

Hi, Welcome to TSG!!
Restart in Safe Mode.

To boot up in Safe mode, continuously tap the F8 key while starting your computer.
You should see a black screen displaying the Windows Advanced Menu Options.
Using your keyboard's arrow keys, select Safe mode, then hit Enter.
Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Restart your machine in normal mode.
 


Trojan horse backdoor.agent.NRB virus. Unable to delete hidden file.

All of the following has been done when logged on as administrator.
I recently attempted to install Nero 7 on a Windows XP Pro SP2 system, the install failed with an error "unable to create c:\windows\system32\nerocom.dll file". Subsequent investigations have led me thru a mine field of strange issues.

I have discovered:
- I cannot create any file (under any folder) with a name "xxxCOM.dll", even a simple text file from Notepad can't be saved with a name containing "com.dll" - I get the same error as with the Nero install. I can create files with names like "xxxCOM1.dll, xxxCOM2.dll" but not "xxxCOM.dll". If I do create one with "xxxCOM1.dll" I can rename it as "xxxCOM.dll" from Explorer and this seems to work, if I then "right click" on the file and try and open the file I get an error "file does not exist" yet it is still showing under Windows explorer.
- I cannot display the security property information for any file on the system that has a name "xxxCOM.dll"

I then tried a variety of virus and spyware tools, with the following results
- Win Defender - nothing
- SpyBot - nothing
- AVG - continually pops up a threat warning "Trojan horse backdoor.agent.NRB in file c:\windows\system\COM.dll" but AVG can't heal the problem
- NOD32 - does not detect a virus in the file c:\windows\system... Read more

A:Trojan horse backdoor.agent.nrb

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

------------------------------------------------------


Quote:




I am thinking of trying the following rather radical step as a way of deleting this mysterious "COM.dll" file

- create a new folder "system32new".....

Any comments on this strategy.




Please, please, please do not do that. Post the logs and I will help you.

------------------------------------------------------

Please follow our 5 Step process outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


please help me!

Hello~I'm new here

I got a problem with my pc. My firewall found a trojan horse in my pc. It is called backdoor win32. agent ahj and my 7E49858CT.EXE and 7E49858C.EXE data is infected with that. These datas are located in my windows\system32 folder.
Are these datas important for windows xp? Or can I delete it without having any problems afterwards?
and how to get rid of the trojan horse?
Please help me!!
and sorry for my poor English

-Thanks for reading-
 

A:trojan horse--backdoor agent ahj

Welcome to TSG....

To download HJTsetup.exe from SpyKiller To Download HijackThis go to the following at the File Repository
Click on the button for Download to the right of HijackThis Self Installer:

http://www.thespykiller.co.uk/index.php?action=tpmod;dl=item5

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
Come back here to this thread and Paste the log in your next reply. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
A security expert with a gold shield to the right of their name should take a look at your log - please be patient.
 

RELEVANCY SCORE 131.2

Please help, I'm desperate! AVG tells me I have this virus but it will not remove it. The file come.dll is nowhere to be found. What can I do? Here is my hijack this log. Thanks in advance!

Virus
Trojan horse BackDoor.Agent.BA

is found in file
C:\WINDOWS\system32\come.dll

Logfile of HijackThis v1.98.0
Scan saved at 6:30:34 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\MSAC-FD1\MSstat.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Mary\D... Read more

A:Trojan Horse BackDoor Agent.BA - HELP!!!

Bumping up. Still hoping for help.
 

RELEVANCY SCORE 131.2

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know, the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't. (That is, until you scanned with their program and it would take control of your computer at the worst of times.) The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried. Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou... Read more

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

RELEVANCY SCORE 131.2

I went away for a couple days, came back and found these. AVG can't remove them, says they're whitelisted. Symptom is, every time I try to google the file names I get redirected, and I keep getting a windows security asking if I want to unblock stuff.

Thanks, Tom

A:"Trojan horse generic22.BEWG" and "Trojan horse BackDoor.Generic13.BKVZ

Looks like you have a redirected infection. Have you tried running Malwarebytes yet?

RELEVANCY SCORE 130.4

I have read that several people also have trojan horse agent.AABY and trojan horse agent.AACL like I do. Is there a straightforward solution?

There is AVG 8.0 free, SpyBot Search and Destroy, and Malwarebytes on my computer up to date and are getting run many times a day. I have searched hidden files and run all programs in safe mode as well. It keeps coming back!

Please help, this is driving me crazy.

A:Trojan Horse Agent.aaby And Trojan Horse Agent.aacl Infection

They are finding nothing? Have you tried scans from Safe mode with the AVG and SpyBot? MBAM is stronger in normal mode. Do you have SpyBot's Teatimer function enabled? Sometimes that will interfere with a scan. Here's another tool to run...

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows... Read more

RELEVANCY SCORE 130

Noticed freezing windows, then Generic Host Process error, and finally IE navigating by itself. AVG noticed the "Trojan Horse BackDoor.Agent.AHXQ" tried to remove, and now no longer detects it, but the system is still misbehaving.

Generic Host process error sig:
szAppName : svchost.exe szAppVer : 5.1.2600.5512 szModName : unknown
szModVer : 0.0.0.0 offset: 001a3b57
error report contents:
c:\docume~1\ellenm~1\locals~1\temp\WER90f7.dir00\svchost.exe.mdmp
c:\docume~1\ellenm~1\locals~1\temp\WER90f7.dir00\appcompat.txt

ark and attach are attached
DDS follows. Many thanks.

DDS (Ver_10-03-17.01) - NTFSx86 Run by Ellen M at 9:07:21.56 on Tue 08/03/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1479 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\... Read more

A:Trojan Horse BackDoor.Agent.AHXQ

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE
*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.
*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
*You must reply within 5 days otherwise this topic will be closed.

============================

Please reply to this thread so I know that you still need our help. We're so sorry for the delay.

RELEVANCY SCORE 130

I am trying to help a friend. She advised AVG came up with a virus detection. She had Norton, uninstalled it, ran AVG and this came up.

trojan horse backdoor agent BA ia

was what it listed. I asked her to send along a hjt log to post ... she is on xp home.

Logfile of HijackThis v1.97.7
Scan saved at 3:47:54 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\mine\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mine\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mine\LOCALS~1\T... Read more

A:[Solved] trojan horse backdoor agent BA.ia

RELEVANCY SCORE 130

Hi,

I have a virus that my AVG software picks up - but the virus reappears every time I go back on the internet. Help please.

It appears in two locations - C:\Temp\1652269122.exe

and

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\S95ZXGSE\mun1_26_07_11_070.exe
 

A:Solved: Trojan horse BackDoor.agent.PTX

RELEVANCY SCORE 129.6

Hi, please help!!

My computer infected with 2 types of trojan horses. Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG.

I updated all my antivirus and antispyware, booted to safe mode and managed to find and remove the trojan horses, but they come back after I boot to normal mode.

My antivirus and antispyware are AVG antivirus, AVG anti-spyware, Spybot, Ad-aware.

here I include my HijackThis logfile.
Logfile of HijackThis v1.99.1
Scan saved at 12:34:37 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C... Read more

A:Infected by Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG

I think my computer is getting worse now. Anybody can help?

Logfile of HijackThis v1.99.1
Scan saved at 2:48:45 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svcho... Read more

RELEVANCY SCORE 129.2

Hi, I'm brand new to any sort of forum - so don't really know the form. What I know is that my daughter's laptop has the above Trojan Horse viruses that have knocked out the AVG control centre, any internet connection and the C drive (probably lots more as well). So I'm doing this on my PC. The HijackThis log file follows - very grateful for your help to recover things:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:28, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\SYSTEM32... Read more

A:Trojan Horse Dropper.agent.git & Backdoor.agent.pta

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply.
Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

RELEVANCY SCORE 129.2

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~... Read more

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok.We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

RELEVANCY SCORE 129.2

Both of these trojans found through AVG. First, Backdoor.Generic11.BBDE a couple of weeks ago, now Crypt.HOS. All moved to Virus Vault except for file c:\windows\system32\drivers\asyncmac.sys; AVG states object is white-listed (critical system file not to be removed). I Googled to research these and it's made me worried/paranoid about all the banking and bill paying I do online. One site said to change all passwords via another computer. Should I? I've gone through my Add/Remove Programs and do not see anything unusual installed.

I have a Dell Desktop Dimension 2400 40GB hard drive, 1 GB RAM, Windows XP Pro Version 2002 SP3, Intel Pentium 4 2.66 GHz.

I installed, uninstalled, and reinstalled three times Malwarebytes Anti-malware and keep getting "Error 703, 0, 13".

My Hijack This log follows. Any help and advice is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:01 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.... Read more

RELEVANCY SCORE 128.8

I have been struggling with this for a couple of days now. Some kind of malware(?) that keeps warning me that I have a virus and need to buy their antivirus software. I have used Adaware, SmitFraudFix, Vundofix, CCleaner, and Ewido which seemed to find and clear a bunch of stuff. I thought I had got rid of it, but it keeps coming back. I seem to have gotten rid of some of it though as I'm not getting the "warning" messages all the time. My AVG keeps telling me I have a trojan (Trojan horse Dropper Agent.BTI and Trojan horse Pakes.U) but can't seem to fix it. I have no idea what to do!! Please help!

A:malware Trojan horse Pakes.U/Trojan horse Dropper Agent.BTI

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\ewido.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Di... Read more

RELEVANCY SCORE 128.4

Hi, I've just been charged 3 times on some adult website for stuff I haven't done. So I went on and cancelled my acct and put out a fraud alert. Now I scanned my computer today and found trojan horse backdoor.agent.IQL with AVG antivirus. It's been happening since May 2007. I haven't had the chance to do a scan on spyware but I will soon. I have a few questions on what I should do now? Has my SSN been stolen??? I have recently tried applying for colleges and I put my SSN on the forms to be sent online. Could this info have been stolen?? How could I have my credit card stolen? By keylogging, if so what do I do now? Please help me, I'm so distressed I want to buy a new computer just to get rid of the virus. Thank you!

A:Trojan Horse Backdoor Agent Iql (identity Theft)

You have to assume every piece of private/financial information has been retrieved from your computer by the backdoor trojan. All of it.

The only sure way of knowing that this type of malware has been completely removed and left no access that can later be used to hack your computer is to wipe the drive and reinstall. You should change all passwords using a different computer and notify credit cards, banks, paypal, etc.

Here are two programs you can scan with and you should also post a Hijack This log.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds. http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

--------------------------------------------------------------------------------

RELEVANCY SCORE 127.6

http://www.bleepingcomputer.com/forums/t/176020/avg-error-after-trojan-removalhijack-file/

A:AVG error after trojan removal/hijack file, was infected with trojan horse psw.agent.vqa

Helped here, closed.

RELEVANCY SCORE 127.2

I tried to follow the posting rules by being as specific as possible in the title to help, but unfortunately, it's hard to do that after running all of the scans and resolving some of the major issues I was having with this PC. I'm trying to clean it up for a friend, and I think I've done a decent job on my own by running all of the programs I use on my own PC as well as some you all suggest we run before posting an HJT log. It's taken FOREVER considering this thing has a 300MHz celeron and only 128MB RAM. Needless to say, I'm tired of screwing with it now..

Enough with the blabbering on about useless information, though. So far I've run these programs with reasonable success.

AVG Anti-virus(in safe mode)
Trendmicro online virus scan
BitDefender online virus scan
Ad-aware SE Personal with the VX2 Add-on(in safe mode)
Spybot(twice-once in safe mode)
CWShredder(safe mode)
CleanUP!

Everything was updated before scanning!

Here's the log..

Logfile of HijackThis v1.99.1
Scan saved at 10:29:39 AM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\... Read more

A:BackDoor.Agent.2.H, Trojan horse Downloader.Istbar.PI, etc.(too much to list)

Hi there...


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Open Windows Explorer and delete the following red folder/s

c:\program files\ 180solutions

Reboot.......................

================================

It is very important to keep Sun Java up to date to help avoid exploitation by malware.
The current version is Java Runtime Environment (JRE) 5.0 Update 9
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Click the link to download the Wind... Read more

RELEVANCY SCORE 126.8

Evening... I realize that this is a strange way of going about this, but I think in the long run it will be easier to understand. Below is an explanation of what was happening with my PC as of a few days ago. At that time I intended to request your help in ensuring I'd succeeded in removing all malware, however, after having performed all your prep scans, everything appeared to be fine, and since my PC was behaving in no way suspiciously, I thought, perhaps, I wouldn't have to bother you after all, unfortunately, that may have changed. This morning, while removing a couple of unnecessary start up processes via Msconfig, AVG alerted to a virus and then a short time later, to two more, this is what it "healed" and vaulted: C:WINDOWSsystem32Obfustat.EVN C:ProgramFilesLogMeInx86 C:ProgramFilesLogMeInx86update3-00-600bakx86 From what I've been able to glean online, I now suspect that this could be a false positive and somehow was brought about by what I was doing at the time...possibly? I haven't yet deleted these three "viruses" from my virus vault, and hesitate to do so if they aren't actually viruses at all. However, please read on... I originally wrote the following a few days ago, before I ultimately, decided I might just be in the clear. Fortunately, I hadn't discarded it yet. I apologize for how long and convoluted this is... "Hello... Before we begin, I should point out that my comprehension re computer issues is minimal, at best. So, please bear w... Read more

A:Recent Trojan Horse Downloader.generic5.biu (outerinfo, Yazzlesudoku?), Troj_puritysc.bl Type Trojan & (possible) Obfustat...

Hello alassnsane and welcome to BleepingComputer!

Apologies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic.

Thanks,
Johannes

RELEVANCY SCORE 125.6

Hello,
I have run Superantispyware, AVG antivirus and AVG antispyware on my PC. AVG has detected Trojan Horse Backdoor Generic6 AMA and Trojan Horse IRC Backdoor Sdbot2 REN and XIN. That is it, however I feel something is still in me (strange outgoing traffic). Could you pls check my HJT log and say if everything is OK or not?

Thanks!
 

A:Trojan Horse Backdoor Generic6 and Trojan Horse IRC Backdoor Sdbot2

RELEVANCY SCORE 124

I have probably been infected by trojan horse dialer for over a month so I cannot remember exactly how I got infected but I think it is because I was using IE but now I have permanently switched to Firefox. I have scanned my computer with Spybot search and destroy, adaware, avg antivirus, and vundo both in normal and safe mode. It seems as though I have gotten rid of trojan horse dialer with the vundo tool but then I became infected with trojan horse Lop.as. Every time I do scan my computer with an antivirus tool the viruses and trojans usually show up in the internet cache or temporary internet files. That is probably why I cannot remove these viruses permanently. I regularly get those popups from AVG saying that they have detected the threat of trojan horse Lop.AS. I am running on Windows XP with SP2. The security tools that I run are the teatimer of Spybot, AVG real-time antivirus, and Zonealarm firewall. Now that I think I have gotten rid of Trojan horse dialer.COH my computer seems to be running at the previous speed before becoming infected. However, I still want to get rid of the Trojan Horse Lop.AS since the popup notice from AVG is so annoying. In conclusion, I have come to BC for a permanent solution.

A:I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses

http://www.bleepingcomputer.com/securityblog/2006/10/

Unfortunately, though, this October when the latest batch of renewals and new awardees were admitted we found a new MVP who leaves a bad taste in our mouths. This awardee is Cyril Paciullo, otherwise known as Patchou, and is well known as the creator of Messenger Plus. As a program, Messenger Plus actually has some slick features, but our problem is that this program also comes with a known adware and Trojan called LOP.

What is funny is when Microsoft Security MVP Derek Knight scanned the main executable for Messenger Plus, at the free scanning site VirusTotal, Microsoft was the only vendor that stated that the installer was a threat.

--------------------------------------------------------------------------------

Uninstall instructions in link below:
http://www.bigblueball.com/forums/msn-mess...senger-6-a.html


My son's Windows 7 computer has two trojan horse infections that were detected by AVG, but AVG was unable to quarantine or remove them. He has known about the infection for some time, but has continued to use the computer. I first became aware of the situation when he asked for help when, on boot up, he got a message "missing operating system." We were able to boot from the recovery disk, but now the infection remains and the system runs extremely slowly. We were able to download and run DDS; however, it does not create the dds.txt file, but only the attach.txt file. We ran it several times, and sometimes it creates the attach.txt file (version attached called attach2.txt) and a couple of times it created a version which includes restore points (version attached called attach3.txt).
 
Internet connection on the computer has been intermittent. It was connected earlier this morning, long enough to download and run DDS and email the attach.txt files to me (I'm doing this post from my uninfected computer). Right now the infected computer is "not connected - no connection available." It should connect to the same wireless network in our home that my uninfected computer is connected to. ****UPDATE**** The internet connecti...

A:Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

Here are some more files that might help you. They are AVG Resident Shield results. There are three more screen shots to this report, but it won't let me upload any more.


Was found on my machine in the System Volume Information directory 3 times by AVG 7.5 Pro. No problems that I know are caused by this but I have had something screwy going on with the network. Phantom directory

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:13:25 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Fi...

A:Trojan horse Generic5.100

Restore points!

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

This clears infected restore points and sets a new, clean one.
 


Hello,

AVG popped up today on my other computer and said I was infected with a trojan. I scan this computer quite regularly but it looks like something got through. (Screenshot attached).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:24 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system3...

A:Trojan horse Generic5.IGU

That is in the restore points
Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

This clears infected restore points and sets a new, clean one.
 


AVG Free Edition detected a trojan horse generic5.hma on my computer. Can you please help me to fix it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:03, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments&#...

A:Trojan Horse Generic5.hma

Can someone help me please?


I've got this virus. Found by avg free 7.5 but will not remove it from my machine. Please help this computer is my lifeline. Thanks

A:Trojan virus (trojan horse PSW. generic5

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

We want all our members to follow our 5 Step process outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Hi, I have tried many different suggested methods to get rid of this virus. I currently have quite a few different antivirus software downloaded: AVG 'Anti-virus' Free Edition 2011 (which seems to be the only software that picks up this Trojan Horse; it can detect 2 'Trojan horse Agent_r.XJ' that seem to be coming from the same place, one is removed and the other can't be reached, it says 'object is inaccessible'; the file location is (C:\Windows\exploere.exe (3060):\memory_00010000)). The other antivirus software I use doesn't seem to pick this up. They are 'Avast! Free Anti-virus', 'SUPERAntispyware Free Edition', 'Malwarebytes Anti-Malware', 'Spybot Search & Destroy' and also AVG. This Trojan horse seems to automatically download other viruses and spyware that I can remove, however it is not solving the problem. I think this Trojan horse is stopping me from being able to download the latest updates for Windows Vista as well. Is there any advice that you could give me? It would be much appreciated. Thank You.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal


DDS (Ver_09-10-26.01) - NTFSx86
Run by Roger at 14:44:11.50 on 04/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2778 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Networ...

A:Infected with Trojan horse Agent.DI

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi, my computer got infected. I used Malwarebytes, spybot, ad-aware, eset online, avg free 9 full scan and they all reported and apparently removed the trojans, but in c:\windows\temp several folders with random names (e.g. bioj.tmp) keep appearing, so there is something not healed yet. AVG last report was Trojan horse Agent.4.BC svchost.exe file. I'm using Windows 7 RC. Hope someone could help me out. Thanks!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Paco at 20:43:21.08 on 31-Jan-10
Internet Explorer: 8.0.7100.0 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7100.0.1252.1.1033.18.2550.926 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) coloro:#E567174

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin&...

A:Infected with Trojan horse Agent.4.BC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


DDS (Ver_09-01-18.01) - NTFSx86
Run by Owner at 7:36:40.89 on Mon 01/19/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.77 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
...

A:Infected with Trojan Horse Agent.4.P

Hello Rob68
Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new dds log.


So I went to open the internet tonight on my computer and AVG comes up with this warning for me about picking up this trojan horse.........My computer has definitely been running very slow lately and now I have an idea why......Any help on removing this would be appreciated...this doesn't seem to be the first time that AVG has detected this in the last month or so; I keep trying to heal the file but it always seems to come back. I have also noticed a strange program running in task manager under processes called bakweb something?
Enclosed is an HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:11 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\eh...

A:Trojan horse generic5.ujx detected!

And on a side note after doing a scan with spybot it detected virtumonde generic.....
Any help removing this stuff would be greatly appreciated as I have tried multiple times and it keeps returning.
 


HELLO, this is my first time posting at your site but I have followed your responses to others while researching software and problems on the google search page. Your answers and instructions have been of great use and help to me.

Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my Avg Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found sever items mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections. I have included the report with my HiJack log. I had a problem running a panda scan until I noticed a registry cleaner was blocking me from loading active x program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:23 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\...

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

******************

We are going to dig deeper, and that will require us to run some additional scans.
You will need to use Internet Explorer for this scan. D...


My avg and avast has picked up these trojans trojan horse bho.eiz , trojan horse vund.t and win31/heur. I have tried the panda site but it wouldn't scan for me so then I came to this site to see if someone could help me. I have followed all the steps on the preparation page. When I did step 5 it didn't find anything and wouldn't let me copy a log to paste to you.

MAIN.TXT
Deckard's System Scanner v20071014.68
Run by AuSSie` on 2008-06-15 07:48:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
11: 2008-06-14 16:17:42 UTC - RP145 - Windows Update
10: 2008-06-14 09:57:20 UTC - RP144 - Windows Update
9: 2008-06-14 09:43:37 UTC - RP143 - Restore Operation
8: 2008-06-14 09:31:30 UTC - RP142 - Restore Operation
7: 2008-06-14 06:26:17 UTC - RP141 - Windows Update
-- First Restore Point --
1: 2008-06-10 06:01:26 UTC - RP134 - Scheduled Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as AuSSie`.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:34 AM, on 15/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL&#...

A:Infected With Trojan Horse Bho.eiz Trojan Horse Vundo.t Win32/heur

Hi

First ... you should NOT be running 2 anti-virus programs, they will conflict ... choose between AVG8 & Avast ... keep one & uninstall the other ...

Second ... with the malware showing in your log, I find it hard to believe that the Kaspersky Online Scan found nothing if set to scan My Computer ... If it was not set to scan My Computer, please run it again...

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam

EDIT ... What are th...


hi,
Something very odd is happening to my PC in recent days. every time i try to download any file I get an error 'file contained a virus and was deleted’. AVG is seeing a trojan horse: 'trojan horse backdoor generic 17.err', but cannot correct or fix it. it's the same if i turn off AVG virus guard.
The Microsoft security client I was using is no longer available.
I’ve tried to download ComboFix 13.5.20.1, same error and also DDS same error. That’s in explorer 9. In firefox it appears to download, but then can’t open it.
So I downloaded on another laptop. Zipped it up, and emailed to myself onto the infected PC. But can’t extract it.
Then it gets spooky, at least to me. I set up an a/c on bleeping computer, and wait for the authentication email. Nothing arrives. I go to re-validate, no email… did it again, and still no email. Not in spam or junk mail. So I re-register using my work email. And get the authentication email. This virus seems to know I’m after it.
Please help: what can I do to fix this one? I’m not an expert on viruses but work in telecommunications and have had PCs for many years, and was an early adopter of the internet.
Smudge77
 
 

A:infected with trojan horse backdoor generic 17.err

I'll report this topic to appropriate helpers.
Hold on there....
