
backdoor trojan eating my computer fast. . .

Q: backdoor trojan eating my computer fast. . .

ERR. None of the scans, but one. . I don't know what it was but the darn thing would not stop with the pop ups. (windows something, I know no help) But anyway I keep getting the silly pop ups. Now I get fatal error. This thing is eating away at my computer FAST. Please help. Here is the hijack thinger

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:54 PM, on 11/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Symantec Shared\SecurityHistory\mcui32.exe
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6QR4JD6\windows-kb890830-v2.4[1].exe
c:\44be0f13223a0bae55a20a0547\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [B Register C:\Program Files\DivX\DivX Web Player\npdivx32.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Web Player\npdivx32.dll",DllRegisterServer
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12237 bytes

RELEVANCY SCORE 60

I have Dell Inspiron 530 and running Windows XP Home Edition service pack 3. I suddenly started getting pop ups and my AVG says I have the Trojan Horse Vundo.KE. It was moved to the virus vault but keeps coming back and now I can't even use my computer because of how slow it is running. I have run CCleaner and Spybot but it doesn't help. It took me several tries to even run the GMER scan. Upon start-up on two separate occasions I got Rundll errors. One said c:\windows\system32\zugotike.dll and the other said c:\windows\system32\gasidufa.dll specified module could not be found. I can't really go anywhere online or even use my computer now.
Please help I need my computer!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Margaret at 23:37:51.32 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.816 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlse... Read more

A:[SOLVED] Vundo Trojan eating my computer

Howdy there Babineaux586 and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this web page for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

RELEVANCY SCORE 59.2

Hi,

I figured I post this topic in hopes that someone else has the same problem.

Recently, I purchased a new hp quad core with 3 gb of memory, vista premium, the whole 9 yards. I am very happy with the computer. It is awesome but I've already encountered a problem.

After upgrading to this new computer, I reinstalled some of my stuff including yahoo toolbar and google toolbar on my IE7. Now, I'm not 100% sure that either one of those toolbars is the culprit, but based on my conversation with HP support, it might be.

Here's what happens... Usually, when I am on my computer, I am using IE7, word, maybe dreamweaver. At first, I can have 10 IE tabs open. As the time goes on, maybe after 3-4 hours, my resources start to deplete where I can't right click on anything anymore, tabs become blank pages, can't open any windows, etc.

So, I need to start closing tabs, one by one to regain some memory. Pretty soon, I'm down to one IE tab, word closed down, dreamweaver closed down, basically just IE is open. Sooner or later, I have to restart my computer to get back to the usual state.

Here's what I've noticed...In the task manager, IE resources keep increasing under the memory usage tab, upwards to 160,000k. I've contacted HP support, they're very helpful but can't get the issue resolved.

They told me to:
*scan computer for adaware, viruses, spyware...result==> nothing there, the computer is clean

*I've heard of memory l... Read more

A: Something is eating up my resources FAST! HELP ME!

RELEVANCY SCORE 58

My yoga 2 pro is burning up data allowance super fast when using wifi, eg 2 gig in a few minutes. I was using firefox reading the australian? Is there a fix and if so what do I do?

RELEVANCY SCORE 56.8

Really don't think this is normal - just noticed my hard drive available space ticking down, right in front of my eyes - on the order of about 1G in 15-20 min. After mucking around a bit, discovered that turning off system restore made it stop. Another clue - when I boot in safe mode, there's about 2G MORE available hard drive space shown (in windows explorer), then when I boot back to normal mode that 2G is mysteriously gone again... this is weird.

Is this a virus? Ran all the scans but came up empty.

thanks for any info.

BTW - XP SP2

A:system restore eating hard drive space WAY too fast

What antivirus program are you using?

Certain versions of ZoneAlarm can fill up System Restore really quickly but it would not put that much in that quickly.

Is this 1 gig being taken up every 15-20 minutes, or did it just happen in one 15-20 minute period each day?

Have you looked in the System Restore folder to see how big your individual restore points are?

How big is your hard drive?

I do not see why System Restore would make any difference in available space shown in Safe Mode.

RELEVANCY SCORE 56

Referred from here: http://www.bleepingcomputer.com/forums/topic403674.html ~ OB

Have reinstalled windows and both entities are still present and the slow crunching sound of the hard drive is occasionally heard. Have not had any luck reformatting the disk. Have changed boot order in bios but still find operating system will boot from hard drive over the cd rom. Was going to attach hard drive to another computer and format it there as the operating system would not be in use on the infected drive but then saw your reply and here are the logs. Remember I have reinstalled windows and removed all extra programs prior to. Question: can the bios get affected with a virus issue like I have? I did trial 10 bit products security 360 and Advanced system care 4 and have a feeling that this is where the infections have come from. Thank you for your help.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 7.0.6001.18000
Run by gino at 23:35:04 on 2011-06-17
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.6142.4972 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalSys... Read more

A:Trojan and worm removal W32/Cubot-J worm and IRC backdoor and Backdoor.Fuwudoor backdoor Trojan

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for postin... Read more

RELEVANCY SCORE 55.6

first off, here are my specs

AMD Athlon 64 X2 5200
M2N-e Asus motherboard
2 gigs (1gig x2) Corsair dual channel ram
Nvidia Geforce 7900 GS 256mb PCI-E

When I first built my computer and loaded windows, it worked super fast. Now, it's slower than my older computer, which I thought was impossible. I mean... This is pathetic. I uninstalled AVG cause there was a process running that is supposed to be a Trojan, and a program said AVG was running it. So, I deleted it, was prompted to restart, so I did. It took literally 10 minutes to shut down and restart. At worst, my old computer took 5 minutes. (P4 2.8, 1.5 gigs ram, ATI Radeon 9800). So, how do I fix this? I have a theory it's Microsoft forcing people to upgrade by putting out crappy updates. I mean, for my card, the newest driver is dated the beginning of last year... They come out with a new one but it's Vista only. Woo... idiots.

So basically it started about 3 days ago, approx. 4 days after this computer was built. I was playing Battlefield 1942, it froze. I tried 5 times, it froze in different spots at different times. I reinstalled. Same thing. Oblivion goes for about 30 minutes then crashes to the desktop. I then hit the window to maximize again, and it freezes. This has happened every time as well. I also did older games, same thing, but done differently. Battlefield was the only one that froze the entire computer to where I had to manually shut it off.

Then today I randomly check my processes, and there's 2 runn... Read more

A:I Need Help...slow Computer, Freezing Games, On A Fast Computer...(possible Trojan)

The first thing which strikes me is that you have 2 anti-virus applications on your computer (Zone Alarm security suite and AVG Free). Having two anti virus applications running on your PC can give conflicts so I suggest you uninstall one. For the antispyware applications do you have all real time protection enabled? I first would try Microsoft online test and see what comes up. The freezing can also indicate faulty memory, therefore run a Memtest to rule that out.

RELEVANCY SCORE 54.8

Hello! I just did a full scan of my computer using Norton Antivirus. It seems to have detected 2 risks, both of which are Backdoor.Trojan viruses. I deleted them through Norton Antivirus, but I'm a bit skeptical and just wanted to make sure they were gone from my computer. Is there any way I can determine this?? I have pasted a copy of my Hijack This log below.

Any help regarding this would be greatly appreciated! Thanks for the help in advance!!!

------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:19 PM, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICC... Read more

RELEVANCY SCORE 54

Hi everyone,

I could do with some advice.

I downloaded a file earlier today, decompressed it and started the program.

10 minutes later, my Norton security popped up saying that it had detected a backdoor trojan and that it had been quarantined and resolved.

I have now since completely wiped the file I had downloaded from my system, ran a virus scan.

My computer is working fine but am I safe?

A:Backdoor.Trojan - Is my computer still safe?

Hello and welcome to TSF.

Hard to say whether you're safe or not without any logs to analyze.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 54

Referred from here: http://www.bleepingcomputer.com/forums/t/332504/infected-with-trojan-horse-sheur3aiox/ ~ OB

This is the log from DDS and GMer. Thx

DDS (Ver_10-03-17.01) - NTFSx86
Run by Young Hova at 7:51:02.15 on Wed 07/21/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.280 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
svchost.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield... Read more

A:Computer infected with backdoor trojan!

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

* Please download OTL from one of the following mirrors:
  This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

RELEVANCY SCORE 54

Hello All,

My Office unit has been infected by a Backdoor.Trojan, I have no idea where it came from but I am fed up of this one. So far I have tried ComboFix and TrojanHunter 5.0 with no good.

I would request you to help me with this one please, am on XP Pro SP2.
Thanks
Safeer

A:Backdoor.trojan On My Office Computer

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user. (CounterSpy)

This means your computer's security has been compromised. You now have to decide if you want to make an attempt to clean this or reformat the Hard drive to be absolutely sure.

To proceed on a clean up you'll need to start here: Preparation Guide for use before posting a HijackThis Log

RELEVANCY SCORE 54

Hello,

My Norton 360 discovered a Backdoor.Trojan virus on my computer. I tried a few steps that Norton recommended, but the virus was still there. I reformatted my computer and the virus came back. I am unable to open Malwarebytes, go to Microsoft Update, update any of my spyware, anti-virus definitions, or clear my browser cache.

Norton said that my affected area is the browser cache and a file: globalroot\systemroot\system32\gxvxcmjhmspouwfrsqsanalxxmcpxnkjgwktb.dll Any help is much appreciated!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Tyler James at 11:35:23.76 on Sun 06/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1428 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System...

A:Backdoor.trojan infecting my computer

Hello, and welcome to TSF.

My name is Gringo and I'll be glad to help you with your computer problems. The logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this cli...


Hello,

My Norton 360 discovered a Backdoor.Trojan virus on my computer. I tried a few steps that Norton recommended, but the virus was still there. I reformatted my computer and the virus came back. I am unable to open Malwarebytes and even go to their website. Below are the results from the Norton Scan and Hijackthis.

Thanks for your help.

Norton said that my affected area is the browser cache and a file: globalroot\systemroot\system32\gxvxcmjhmspouwfrsqsanalxxmcpxnkjgwktb.dll

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:42 PM, on 6/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvc...

A:Backdoor.trojan infecting my computer

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by charl_000 at 16:54:25 on 2013-07-16
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8048.6288 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\SysWow64\IntelCpHeciSvc.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Syna...

A:Computer Keeps Redirecting and Possible BackDoor/Trojan?

Hello abdec70

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:57 AM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ...

A:Need Help my computer is infected with Backdoor Trojan Here is Log

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your syste...


Hello,

My Norton 360 discovered a Backdoor.Trojan virus on my computer. I tried a few steps that Norton recommended, but the virus was still there. I reformatted my computer and the virus came back. I am unable to open Malwarebytes and even go to their website. Below are the results from the Norton Scan and Hijackthis.

Thanks for your help.

Norton said that my affected area is the browser cache and a file: globalroot\systemroot\system32\gxvxcmjhmspouwfrsqsanalxxmcpxnkjgwktb.dll

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:42 PM, on 6/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Expl...

A:Backdoor.Trojan virus infecting my computer

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am and I am here to help you!

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in training an Expert Coach will assist me in your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

**********

Let's begin,

I need a more in depth look at your computer.

Please do this...........

Download random's system information tool (RSIT) by random/random from here and s...


I have DSL but my computer is running slower and slower every day. It takes 30 seconds or more to go online and screen changes often take 10 seconds or more. I often hear it grinding away when nothing is going on. It doesn't even turn off sometimes. The only thing that shows up all the time is the trojan-backdoor-progdav so I'm assuming it is involved with the problem. My spy sweeper picks it up every day and it's quarantined and back the next day. I hope I followed the directions for everything I was supposed to check and include. I don't have much beyond surface computer knowledge so please bear with me. Thanks
Logfile of HijackThis v1.99.1
Scan saved at 8:10:41 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SP...

A:Trojan-backdoor-progdav---slowing down my computer

Hello Marto, welcome to TSF and thanks for your patience. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

You are running HijackThis from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJT, or another name of your choice. Extract HijackThis from the archive and move it to this folder. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.

Finally, your HijackThis log appears to be incomplete. Please scan your system again and make sure you copy everything for me. I do see a couple things I'm concerned about, but I need to see your whole log.


Hello TechGuy,

There are many virus and spywares in my computer and keep popping up new windows. I have McAfee VirusScan Plus 2007 software in it and the computer information is shown below:

Microsoft Windows XP Home Edition Version 2002
Hewlett-Packard Pavilion
Intel(R) Celeron(TM) CPU 1200 MHz
1.20 GHz
256 MB RAM

And here is the hijack log without fix checked:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:56 AM, on 10/31/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Windows\system32\HpSrvUI.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\mgrs.exe
C:\WINDOWS\avp.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Exp...

A:Backdoor-CVT trojan and series of virus in my computer.. please help

Bring this topic to the top so mod and/or techguy can look at this.. been on computer waiting for your reply. Thanks
 


For the past week, I have been having trouble with google and yahoo searches. My searches are simply redirected to other irrelevant sites (ads, porn sites, etc).

I have tried various adware and mal-ware removal softwares (ad-aware, superAntiSpyware, malware-bytes, etc). Some cookies were removed, but the situation persists.

In addition, the free version of AVG detected Trojan horse BackDoor. Generic9.AJHM on my computer. For some reason, AVG along with all the adware removal programs have had problems doing online updates. Could it be that the virus affected my online connection?

I also could not log in to my msn space at all (via firefox, IE or Opera). Please let me know what I should do. Thanks!




DDS (Ver_09-02-01.01) - NTFSx86
Run by XMW at 0:47:58.54 on Fri 02/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1183 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\...

A:Computer hijacked and found Trojan BackDoor

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

As stated in our pre-posting sticky topic...

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:
If you have more than one antivirus software installed, leave only ONE and uninstall the others

While this may seem like gr...


My computer is most definitely infected with a virus. It has taken over my browser and disabled MalwareBytes and any other antivirus software I try to run. It has downloaded nasty icons on my desktop and re-routes my browser to the same nasty websites. In an attempt to get rid of this virus I reformatted my hard drive and wiped it clean. I reinstalled Windows XP Pro and when I got online the virus came back took over my browser, reinstalled the nasty icons and repeated the whole process over again. It seems it was hiding in the memory modules. I do not know how to clean memory like you can clean a hard drive. Please help me, I am lost without my computer.
System:
80Gig raptor
Win XP Pro
2g Ram

A:Backdoor Trojan Virus Found on my Computer

I would like to see if my computer is salvageable. Any help would be appreciated. Thank You.


Hi, my computer is being overrun with viruses, some help plz

-it's made my desktop change to a fake window security display
-my task manager was disabled, it says admin has disabled this
-then it disabled me from trying to change my background display and tools from control panel
-it furthermore disabled me from using the internet
-and I get a fake window security pop up and maybe other pop ups

some of the files that I noticed that contain viruses or are viruses are
iftuyszv.exe (don't know how to get rid of)
rundll16.exe (don't know where it is)
verclsid.exe (manually deleted)
getpack 18, getmodule 18
others

I also use micro trend, anti-malware, spyhunter, Spybot seek and destroy
that found smit fraud webhdll.dll
and others that keep constantly showing up at every scan

here is my hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:33 AM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr...

A:Help plz several viruses, smitfrauds and backdoor trojan on my computer

Hello and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

=======
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached


My googletalk and aim has been acting weird. Everytime, I try to open googletalk, I get this following message, "Google Talk encountered an internal error, and must now close. Ok to report this error to Google?". I've google this error and it's said I might be possibly infected with malware or virus. When i try to install aim, it's give me error and crash. My IE interent option wont open either. I did an avg scan and it's detect rootkit hidden system driver and the file name is a3t988r8.SYS

Trojan horse BackDoor.Turkojan
Trojan horse BackDoor.Delf.BJP
Trojan horse Backdoor.Generic11.XFS

I've deleted all the infected file but the problems still exist.

One more thing, whenever I try to do a scan for rootappeal, my computer crash.

I also provided hijackthis log just incase you might need it.

______________________________________________________________________________________

DDS log

DDS (Ver_09-07-30.01) - NTFSx86
Run by Kev at 8:49:17.66 on Sat 09/05/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.984 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:&...

A:Infected with Trojan backdoor and possibly rootkit [Computer 2]

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ...


I've gone as far as I'm comfortable with the How to remove a Trojan, Virus, Worm, or other Malware Tutorial, through Manual Removal, step 9. I'm unable to find information on many of the entries in Autoruns and don't want to brick my only computer.
 
My MS Essentials quarantined Seedabutor.B on 2/28. It seems to have piggybacked on some P2P programs my DH grabbed from a dirty source (I h8 P2P!).  I noticed issues with random new toolbars in my Chrome browser on 3/2. I uninstalled BitTorrent, MP3Jam, Conduit, and SwvUpdater. I downloaded MalwareBytes as recommended by the above tutorial, it quarantined & deleted these on 3/3:
 
Registry Keys Detected: 6
 
Registry Data Items Detected: 1
 
Files Detected: 2.
 
(I can provide cut/paste log history if it helps)
 
Audio ads still run randomly when the browser is open, ads pop-up when I click most buttons and links, ad hyperlinks have invaded my browsers, and I receive occasional warnings from AVG 2012 Resident Shield that tracking cookies are being blocked.  I'm sorry I can't provide the word-for-word AVG messages. They seem to only appear when the system is idling and I'm busy with other activities.  Also, I can't seem to attach the attach.txt file, I click 'Choose Files', select attach.txt, and then receive a popup ad. 
 
I'd sure appreciate an experienced helping hand. Thanks in advance!
 
Here is the dds.txt:
 

DDS (Ver_2012-11-20.01) - NTFS_...

A:Computer infected w/ backdoor trojan, possible roboot64 and Seedabutor.B

Please run the following:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall
If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.

NEXT

Please download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS Fi...


IE, Chrome and Firefox all experience the same symptoms. I type in nearly any search into the address bar, or in Google, it comes up with genuine search options in Google's page, I click on a link in the search, then it sends me to a not-legitimate page, or through a link to a different page (as if I clicked on an affiliate link).

Avast did not detect it at all; used Ad Aware to scan and remove, and it only detected 3 adtd cookies. Malwarebytes detected Trojan.VBKrypt and Backdoor,Bot and removed them, which temporarily (I mean 2-3 searches at most) stopped the issue. Uninstalled Avast and installed McAfee Total Protection Service which detected Generic.dx!iqs, Generic.dx, BackDoor-AWQ, Generic.dx!gic, and MWS. All removed, but as you can guess, the issue still persists.

Attached is the Attach.txt file.

Attached is a few files of RootRepeal crash logs. RootRepeal has a ton of errors causing me to not be able to scan or collect a log of any kind. Errors include 'FOPS - DeviceIoControl Error ! Error Code = 0xc0000024 Extended Info (oxoooooodc)', and when I attempt to scan, error 'DeviceIoControl Error ! Error Code = 0x0' appears. I'm guessing it might be because I'm using Windows 7...

Please advise on possible tasks and solutions. Thanks.

The following is my DDS.txt log file:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike Faria at 14:34:34.42 on 20/12/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows ...

A:generic.dx, backdoor-awq, mws, trojan.vbkrypt, backdoor.bot - browser redirects on searches

UPDATE - A day later, McAfee Total Protection Service detects Hiloti.gen in svchost.exe. All of these files pop up in c:\Windows\TEMP\filename.tmp\svchost.exe.

Hundreds pop up, all throughout the day whether or not I am here. I left my PC on and came back to over 200 to delete.

Anyways, I did a bunch of searching on Google and BC, on a different PC since this one sends me to illegitimate sites to buy their program... Result = no one has an answer. It seems every forum I go to, people are instructed to run scan x with x program, then run scan y with y program, etc. with the post unending, full of log files and no solutions.

I'm still holding out hope

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular ...

Read other 3 answers

Hi everyone. I seem to have gotten an "Unknown Backdoor Trojan" on my computer detected by an online Pest Patrol scan at http://www.pestpatrol.com/. None of my spyware scanners have detected this but the online scan did. It says that it goes by these aliases:

Backdoor.Lixy.h [Kaspersky]
Trojan.BAT.DeltreeY.bs [Kaspersky]
Trojan.Win32.Fynben.b [Kaspersky]
Trojan.Win32.TalkStocks.a [Kaspersky]

I had detected this trojan on my computer yesterday after doing a scan and then had to format my computer and reinstall everything to get rid of it. I updated everything and installed two firewalls plus Windows firewall and two anti-viruses (Norton and AVG) and I still have the trojan! Last night I scanned with Pest Patrol after the format and it wasn't there. Then my computer started acting up this morning and I scanned again and the trojan was back. I have no idea how I am getting this trojan! I use Webroot Spysweeper, Spybot Search and Destroy, Adaware (Spybot and Adaware are not yet downloaded and installed again), and Spyware Blaster. How on earth am I getting this thing?! What can I do to prevent it from coming back? I have 1 year of computer networking training and as far as I know I am not doing anything risky that would make me get this. Please help!

Here's a link to the page that Pest Patrol gave me about all this:

http://pestpatrol.com/pestinfo/U/Unknown_Trojan.asp#Detection and Removal
 

A:Solved: strange noise from computer was Unknown Backdoor Trojan -

Read other 16 answers

Referred here from: http://www.bleepingcomputer.com/forums/t/201605/i-use-a-notebook-and-my-mouse-has-been-moving-on-its-own/ ~ OB

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/22/2006 12:42:57 PM
System Uptime: 2/13/2009 1:25:20 PM (1 hours ago)

Motherboard: Hewlett-Packard | | 30A8
Processor: Intel® Celeron® M CPU 410 @ 1.46GHz | U1 | 1463/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 5.218 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.103 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP422: 12/18/2008 8:07:36 AM - Software Distribution Service 3.0
RP423: 12/19/2008 5:06:50 PM - System Checkpoint
RP424: 12/25/2008 10:51:45 AM - System Checkpoint
RP425: 12/26/2008 11:46:29 PM - System Checkpoint
RP426: 12/28/2008 9:16:48 PM - System Checkpoint
RP427: 12/31/2008 5:09:24 PM - System Checkpoint
RP428: 1/1/2009 11:00:00 PM - System Checkpoint
RP429: 1/8/2009 9:42:59 PM - System Checkpoint
RP430: 1/10/2009 1:00:25 AM - System Checkpoint
RP431: 1/11/2009 7:29:32 PM - System Checkpoint
RP432: 1/12/2009 10:21:10 PM - System Checkpoint
RP433: 1/14/2009 3:20:00 PM - Software Distribution Service 3.0
RP434: 1/15/2009 7:08:58 AM - Installed Ultima Online: Mondain's Legacy
RP435: 1/15/2009 7:24:13 AM - Installed Java™ 6 Update 11
RP4...

A:Possible backdoor trojan copies passwords and sends it to person's computer DDS log

I don't know if this helps but my mcafee detected a Exploit-Byte Verify in my java files >.> i hope that helps. it was quarantined on the 8th. When i was playing a game it kept spamming these words. My email address got screwed but i resolved it >.>;. I'll do my best until i'm helped. My main computer died from this crap, i don't wanna lose this one esp that i own both of them T_T.

Read other 10 answers

On start up, Norton finds the "backdoor trojan" in a program called web rebates0 exe. and can't repair it, so I put it into quarantine, and then it finishes loading (Windows ME). As soon as it finishes loading, I get a blue screen with the Norton Anti Virus message, this time in bright red in the middle of the blue screen, asking what I want to do with the above mentioned file, since it is infected with the "backdoor trojan." At this point, I can no longer use the mouse and the computer is frozen. When I start in safe mode, Norton's doesn't run on start up, so I can operate the computer only in safe mode. Anyone know what this is all about?
 

A:norton anti virus freezes computer when it finds Backdoor Trojan

Read other 7 answers

Hi,

I'm a new user, and my computer knowledge is pretty basic in every sense of the word.
I did download the hijackthis program, and did the scan and saved the log and have no idea now where it is saved, and when I've tried to go back into the program I can't....

My problems are my laptop crashes a lot, the blue screen comes up, I don't really understand why, and I'm constantly getting trojan backdoor threat pop-ups like literally every 2 mins and the option is to quarantine or allow. The files are always in my windows/system32 folder, so I basically removed every file my laptop allowed me to from my system32 folder, and as a result think I have affected other sections of my laptop.

Please help, I can't do anything on my laptop without the threat popups coming and I'm beyond annoyed.

thanks, these are my basic comp details:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57, x64 Family 15 Model 104 Stepping 2
Processor Count: 2
RAM: 1916 Mb
Graphics Card: ATI Radeon X1250, 128 Mb
Hard Drives: C: Total - 76236 MB, Free - 28230 MB; E: Total - 74888 MB, Free - 70078 MB;
Motherboard: TOSHIBA
Antivirus: AVG Anti-Virus Free Edition 2011, Updated and Enabled
 

A:computer crashes and blue screen comes up AND trojan backdoor threats CONSTANTLY

dds:

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead ...

Read other 2 answers

Ok I spent the evening trying to fix my cousin's computer. I was removing spyware and she said she had a problem with available memory. I checked it out and she has an 8 gig HD with only 61 MB available. So I scanned with her un-updated Norton and it detected a trojan virus. So I updated her Norton first then scanned the HD and it found the following viruses.

Pic.exe Backdoor.SubSeven2
Shawn1.jpg Backdoor Trojan
winsys98.bat IRC Worm Generic

Norton found them but was unable to remove and fix the problem...all it could do was quarantine the files. Anyone have any advice?
 

A:Backdoor Trojan, Backdoor SubSeven2 and IRC Worm Generic

Read other 16 answers

Windows Vista Home Premium Service Pack 2 - 64 Bit Operating System

PROBLEMS AND ISSUES

1) When searching in IE8 or firefox, the result page shows the usual list of search results. However if I click on a search result, I am redirected by "www.100ksearches.com/...." or "www.1hunnidksearches.com/...." to an ad page or coupon page related to my original search.

2) Firewall has been disabled and cannot be restored to protect my computer. I still have internet access and safe mode functions. These Non-Plug and Play Drivers are not working properly (error messages in device manager hidden files) : mpsdrv, aswTdi, and aswRdr.

3) Kaspersky Virus Removal Tool detected these infections but once removed windows wouldn't restart and I had to restore windows to a previous state:
#1 Object C:\Windows\assembly\GAC_32\Desktop.ini has Trojan Program: Backdoor.Win32.ZAccess.de
#2 Object c:\Windows\System32\consrv.dll has Trojan Program: Backdoor.Win64.ZAccess.a
#3 Object c:\Windows\assembly\GAC_32\Desktop.ini has Trojan Program: Backdoor.Win32.ZAccess.de

4) Avast! Antivirus detected an infection of the consrv.dll file with Trojan:Win64/Sirefef.B but when I send the consrv.dll to the virus chest, the computer won't restart and I am forced to restore again. Avast full scan was disabled to start this thread but now refuses to turn back on.

5) Malwarebytes Anti-Malware and TDSSKiller does not detect a virus ...

A:Google Redirect, Backdoor Access, Trojan Infection to Windows Vista 64-Bit Computer

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Read other 14 answers

hi i was hoping that you could help?

Deckard's System Scanner v20071014.68
Run by Trevor Cray on 2008-04-05 10:53:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
70: 2008-04-04 21:54:05 UTC - RP211 - Deckard's System Scanner Restore Point
69: 2008-04-04 21:47:45 UTC - RP210 - Software Distribution Service 3.0
68: 2008-04-04 12:22:57 UTC - RP209 - Restore Operation
67: 2008-04-03 14:30:57 UTC - RP208 - System Checkpoint
66: 2008-04-02 14:23:45 UTC - RP207 - System Checkpoint


-- First Restore Point --
1: 2008-03-27 11:31:20 UTC - RP142 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.87 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-05 10:57:20
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common...

A:computer slow virus off msndouble click, trojan,Lop, Js/Psyme, BackDoor.ircbot and BH

Hello and Welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Read other 8 answers

On Tuesday a fast mp3 plugin was installed on my computer, since then and since Mozilla Firefox was opened for the first time I have been having a lot of problems with my computer. I cannot access all of the internet pages I once could, a blank screen appears for some. I cannot uninstall any programs using add/remove, a couple of days ago my computer kept crashing and it said it recovered from a serious error. Symantec email windows kept popping up with spam, [I uninstalled then reinstalled Norton Antivirus and that stopped as well as the computer crashing], and my windows firewall said due to an unidentified problem it couldn't display settings. So many spyware trojans and viruses have been found with my Ad-Aware, Spybot, Norton Antivirus, Windows Defender, Xoftspy, and CCleaner programs all of which fail to eliminate all of the spyware and viruses. There were so many things found I couldn't name them all but some that kept popping up were Trojan Anserin, Downloader, Haxdoor, Torpig, Killsec, Spydoctor2006, and windowssecuritycenterfirewalldisabled. How can I get rid of all these problems, I just took my computer to a repairman a month ago for basically the same problems, he installed CCleaner to help with these problems but it hasn't worked. He also installed Mozilla Firefox which I just opened, I was wondering if this could also be causing problems. Please help, I don't want to have to take my computer back to the shop again.

Logfile of HijackThis v1.99.1
Scan saved at 10:49...

A:Torpig, Trojan Anserin, Killsec And Many Other Viruses And Spyware Found On Computer After Fast Mp3 Plugin Installation

Hello there and welcome to Bleeping Computer's security forum.

My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions: This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't get lost.

Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!

If you have any queries about the process or just general questions, just ask.

Your system is terribly infected. The problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show. Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution. So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused...

Read other 22 answers

I have run ad-aware and spybot. I have Norton Antivirus 2002. About/blank takes over start page, "unable to repair" pop notice from Norton regarding backdoor trojan, backdoor agent, and download trojan. HELP
 

A:about/blank - backdoor agent b - backdoor trojan

Hi bogey6438

Welcome to TSG!

Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download and save the file to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program.

Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

The log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
 

Read other 1 answers

Using windows xp home edition and Microsoft Antispyware Beta 1 I came across problems logging into partypoker.com as every time I logged in the above noted spyware Trojan.Backdoor.Small.FB Backdoor spyware was picked up by my spyware program and I had to delete it. My spyware was a freebie and running out soon so I went on line and downloaded the new beta 2 microsoft defender. Big mistake.... slowed everything down and started getting all kinds of disconnects and black screens, etc. etc. Anyway deleted the beta 2 and then reset my computer to previous date to get the beta 1 back and now the beta 1 isn't working either. Am also using AVG anti-virus program and that full scan comes up clean. Everything seems to be there, however, when I click on run scan for the spyware program nothing happens????? Any suggestions for a good spyware program download other than microsoft? Thank you.
 

A:Trojan.Backdoor.Small.FB Backdoor Spyware

Read other 8 answers

I got two different names for a trojan yesterday and today, and after completely running your "5 steps before posting a log" I am finding no trojan at all! I know this sounds like a good thing, but I'd like some explanation if possible. I am running Windows XP Home.

Yesterday WebRoot SpySweeper found trojan-backdoor-progdav, which I eliminated on 2-17-07 by using TetonBob's excellent instructions. Today I re-used those instructions, but the target files were not found, so I ran SpySweeper again - and this time it found a different problem: trojan-downloader-ruin.

So I used POADB's instructions (provided to jack5000 on 4-25-06) for removing trojan-downloader-ruin: downloaded CleanUp!, Ewido with updated database, and FixWareout; ran FixWareout online; then ran HiJackThis offline in safe mode. HJT didn't list any of the items that jack5000 was told to delete. The file to manually delete (C:\WINDOWS\\System32\dmeue.exe) also was NOT present. Then I ran my first Panda scan.

Finding none of the target files, I went to TechSupportForum's "5 steps before posting a log" (now realize I should've done first.) Took ages, but the only things found were 1 malware program (Viewpoint Media Player, which I removed in Step 1), & 7 tracking cookies (which I quarantined using Ad-Aware SE in Step 2). In Step 4 no service packs were missing - only upgraded IE (which I never use - I'm a Firefox user) to IE 7.

After all of this, I decided to run SpySweeper again, and thi...

A:Trojan change from trojan-backdoor-progdav to trojan-downloader-ruin, no target files

Welcome organicbarb

Are there any current spyware symptoms?

Your logs look fine
You can delete
C:\install.dat
C:\dnsbak.reg
C:\fixwareout
fixwareout.exe and combofix.exe

You should update java, afterwards this old version should be uninstalled.
J2SE Runtime Environment 5.0 Update 2

Read other 1 answers

It started on or about July 22. First we had popups circumventing our popup blocker. Then I noticed that there was an active connection listed in our firewall connection list that was called "??ool32\??crosoft. Our server had been down for almost a week because of an electrical storm, and we got a new modem with the fix from the broadband carrier. Our security system may also have been down at the same time, but when we did a scan after getting our internet back, there was nothing found. After doing all of the steps recommended before doing the hijack this scan, we were told that we had all of the problems listed in the title of this post, and the House Doctor scan also said that there was an infection which couldn't be quarantined located in D:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-...\A0015881.DLL. The last 3 scans done using the same suggested programs have come back clean. During the last week the computer has begun to freeze and move very slowly. The firewall has also come up with warnings that ??ool32 has been attempting to connect with the internet, but has been blocked...so it is obviously still there. My Hijackthis logfile follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:36 PM, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32&#...

A:W32/backdoor.kzk, Trojan.downloader.purityscan, Java.trojan.exploit.bytverify, Trojan.clicker.vb.dw

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Ewido Anti-spyware and save that file to your desktop. This is a 30 day trial of the program.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close Ewido anti-spyware. Do not run a scan just yet. We will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Clean out your Temporary Internet files
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Tem...

Read other 10 answers

I followed the instructions on the hijack this prep and below is the file. I am very concerned that I can't seem to get rid of some unusual files in my msconfig startup and running processes. Unidentified items in msconfig. startup are Zeno is under C:\WINDOWS\system 32\pwinqsap.exe CORN001, Z_Start C:\WINDOWS\system32\dwdsregt.exe CORN001, Then under SOFTWARE\Microsoft\Windows\CurrentVersion\Run are : 9339047 C:\PROGRA~\9339047\9339047.exe; sd "C:\PROGRA~1\AUTOST~1\sd.exe" --checkOnly; mhnn "C:\Program Files\Obla\mhnn.exe" -vt ndrv The mhnn is also in the task manager as a running process. I cannot find any of these listed in windows explorer or my registry.

Logfile of HijackThis v1.99.1
Scan saved at 6:35:30 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared...

A:Backdoor.dsnx, Hacktool, Trojan.cmapp, Download Trojan, Trojan.downloader.gen,

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Read other 3 answers

Hello,
I have run Superantispyware, AVG antivirus and AVG antispyware on my PC. AVG has detected Trojan Horse Backdoor Generic6 AMA and Trojan Horse IRC Backdoor Sdbot2 REN and XIN. That is it, however I feel something is still in me (strange outgoing traffic). Could you pls check my HJT log and say if everything is OK or not?

Thanks!
 

A:Trojan Horse Backdoor Generic6 and Trojan Horse IRC Backdoor Sdbot2

Read other 12 answers

Ars Technica reports of a new Mp3 eating trojan. Thanks to Iamthatdizzy @ xtremods.com forums for posting this over there.

Ars Technica News Article

edit: the file name is W32.deletemusic.

Read other answers

Greetings,
I've got a problem with my internet connection over a small network,
I've got ntl cable broad band, which runs into a Draytech vigor broadband security router, hub thing. There is one other computer on the network which when on the net, flies, however the other machine is painfully slow.

I suspect it is something to do with my connection settings, perhaps it thinks it has 56k connection, but how do I configure or test my connection settings to go quickly?

The last time I used this machine on the net it was in a different country,
on a 56k modem and using dial up. Any thoughts?
 

A:Fast, Connection, Fast computer, Slow net!

it will help if you tell us what OS are on those computers
 

Read other 3 answers

Hi world !
I am on windows xp and a friend recently managed to get a trojan called cassava onto my pc.
I have run spybot and a trial version of Kaspersky multiple times and still have no joy !
is this a case of a complete system re install or is there another way ?
If there is anybody out there who could help i would be eternally grateful !
cheers
x

A:Cassave Trojan Eating Me Alive ! Please Help Someone !

try with pc tools spyware doctor. If you are able to find out the name of the trojan, then you could be able to get that as well. First of all check whether it is infecting your internet explorer (if you are using), you can check its presence by going on the tools option and manage add on section. If its there then there will be associated .dll files in system 32 folder of windows.

Kindly let me know the symptoms, then i can suggest you better.

Read other 14 answers

Hello. First-time Caller.

I am running a Dell Dimension 4700, which had XP, SP3. About a month ago, I tried to install a new HP printer, and the HP software was nearly impossible to get fully working properly. After installing & uninstalling it several times, something happened to my OS. Everything slowed to a crawl. Clicking on "My Computer" or "My Documents" caused the computer to hang or freeze. Then, launching programs took forever. Then, various things happened as time went on:

- Files and programs started disappearing off my desktop and hard drive.

- Disk Management Service is unavailable. The error message I get is "Logical Disk Manager - Server Execution Failed".

- Other services (like System Info) do not respond or have any info filled in.

- Windows Update does not work at all. I get stuck in a loop on the "Files Required to use Windows Update are no longer registered or installed" page. I try to download and register, I get the same page coming back to me.

- Many root certificates are missing, such as "No Liability Accepted". I have no way to get a copy from another computer.

I tried CHKDSK, SFC, System Restore, Recovery Console, AVG, and several anti-virus and anti-malware programs. Nothing was found. I even got a new hard drive, thinking my old hard drive was starting to die. Same problems. I uninstalled Windows XP SP3 and reinstalled XP SP2, which is where I'm at now. Same problems. Finally, Tr... Read more

A:Rootkit or Trojan virus eating away my OS

Read other 6 answers

I'm running on Windows XP Media Center. I've been using Webroot's Spysweeper and PCtools antivirus, and i've constantly picked up the same alerts every time I run a scan and removing them. After removing them and rebooting my computer, I get a fakealert on my taskbar which I can't seem to remove either. I've also tried booting in safe mode and running a scan, but that didn't work either seeing as how everything seemed to come back as alerts when I restarted. I've also noticed that Windows Defender has an error when I startup my computer. Thats the most I can recall happening. I've temporarily removed the red circle with the X on it (fakealert) that advertises some spyware product by closing explorer.exe from my process tabs and restarting it with run.

A:Trojan Zlob, Trojan-backdoor.gen, Fakealert, Trojan.dl.winrean.a

Hello Kanko and welcome.

Please run this first, post back the scan report and tell us how the PC is doing now.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message ...

Read other 10 answers

Hi,

My Symantec was sending messages regarding trojan.vundo, trojan.metajuan and backdoor.trojan. I found some info that lead me to your combofix tutorial, which I run and now the pc seems fine, though, in the tutorial is strongly recommended to post the log. Should I?

Thank you!!
-Cristina.

Read other answers

First of all, thank you for taking the time to read this, as well as for any assistance you can provide.

I was attempting to fix a friend's computer, and after saving the hijackthis log to a thumbdrive (I couldn't access this site due to the trojans or whatever it has), I inadvertently infected one of my own computers with the same thing.

Some of the effects of the trojans/whatever are: background is hijacked with notice that computer is infected, cannot access any websites for help, cannot access Task Manager, screen saver hijacked with roaches eating the screen, taskbar popups indicating that the computer is infected and to "click here" for help, and IE will automatically open when computer is booted in normal mode to site called "about:security" that has links to spyware for purchase.

AVG is also installed, and found: KillAV.KR, SHeur.BJSJ, and some other threats along with the SHeur in the WINDOWS/system32 folder: Downloader.Agent.15.A.000080.exe and dFmx06/dFmx061083.exe (I'm not sure if the last one is written correctly; it disappeared before I could write it down legibly).

I was able to put the text of the original hijackthis log into an email, send it to myself (hotmail account) and access it through another computer. If someone could look it over, as well as take the above information into consideration, and help me fix this, I would be grateful. (I can also send a hijackthis log from the computer that got infected from the thumbdrive if applicable.)

~~...

A: Please Help...trojan Killav And Roaches Eating Screen

Hello Intrepidkhan and welcome to BC. It looks like there are a few icky things in there. Let's see what else we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
    Click Firefox at the top and choose Select All from the list.
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
    Click Opera at the top and choose Select All from the list.
    Close ALL Internet browsers (very important).
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to sele...


Hi Everyone,

A few days ago my dad opened an email which, as you can see, delivered all the above viruses and trojans. Since then I have been going through the logs and system registry and cleaning all the trojans. I have used Symantec (Norton), Ad-aware, Spybot, Xoftspy and a few other spyware and adware removal tools, and I have gone through step by step removing each and every file explained on many websites, but the bloody thing keeps coming every time I restart the PC. Oh yes, I have made a bootable CD and removed it from the boot sector and memory as well, but it didn't help! Don't laugh, but I was so pissed off I was about to remove the motherboard battery! haha (joke)

OK, I'm not too experienced in PCs like you all but I do OK; however, I need your help. First of all, the PC is 100 times slower! I get a red desktop with a few internet links in it (of course "warning you have spyware, click here to remove it"). I cannot remove this desktop because every time I go to remove it, the mouse won't click on any other desktop picture in display properties.

Every time I log into Windows (XP Pro SP2), I see about 20 weird .exe files loading in Task Manager. They are all in the system32 directory. I remove them, then they show up with a different name such as QLP.EXE, or KPE.EXE, etc.

The most important effect is that I cannot see the desktop files at all! I only have Recycle bin and on the desktop. I tried to search for the directories but they are not there, however, the search result sho...

A: Trojan or Virus, Bloodhound.Packed, Backdoor.Mutny, Trojan.Startpage and Dloader-FC

Run Kaspersky as described here:
http://forums.subratam.org/index.php?showtopic=3466&hl=bube

Then download this attachment to the desktop, right-click it and rename it to fix.reg, double-click it and say yes to the prompts to merge with the registry, then post a new HJT log please.

http://forums.techguy.org/attachment.php?attachmentid=53089
 
