[SOLVED] unable to remove Trojan Horse ccfgn.dll

Q: [SOLVED] unable to remove Trojan Horse ccfgn.dll

Hi,
Every time I open Internet Explorer, Norton AntiVirus alerts Trojan Horse virus present in
C:\WINDOWS\SYSTEM32\CCFGN.DLL and
C:\WINDOWS\system32\ccfgn.dll
Reports action taken as 'access to file denied' for both.
Have provided requested details, pls help.
Thank you.



DDS (Version 1.1.0) - NTFSx86
Run by ramnath at 23:00:52.65 on Mon 01/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.344 [GMT 5.5:30]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*

============== Running Processes ===============

C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\ramnath\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ramnath\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: {fc6cea02-6835-4c1a-9887-77b380a84881} - c:\windows\system32\ccfgn.dll
TB: {12F02779-6D88-4958-8AD3-83C12D86ADC7} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
uRun: [Google Update] "c:\documents and settings\ramnath\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TrackPointSrv] tp4serv.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [TP4EX] tp4ex.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\msupd72396.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R0 hllfetcr;hllfetcr;c:\windows\system32\drivers\hllfetcr.sys [1980-1-1 23424]
R1 DSMBATT;DSMBATT;c:\windows\system32\drivers\DSMBATT.SYS [2002-8-22 9888]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2002-8-22 2295]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\SAVRTPEL.SYS [2004-12-10 50312]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2002-8-22 12288]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081231.003\NAVENG.Sys [2009-1-1 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081231.003\NavEx15.Sys [2009-1-1 876112]
R3 SAVRT;SAVRT;c:\program files\norton antivirus\SAVRT.SYS [2004-12-10 338056]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-1-1 14175]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 197992]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys --> c:\windows\system32\drivers\AmeAtmPc.sys [?]
S3 AtmElan;ATM Emulated LAN;c:\windows\system32\drivers\atmlane.sys [1980-1-1 55808]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\drivers\atmlane.sys [1980-1-1 55808]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2003-9-11 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2003-9-11 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2003-9-11 39552]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2003-9-11 60416]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79208]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\cnxetp.sys --> c:\windows\system32\drivers\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\cnxetu.sys --> c:\windows\system32\drivers\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\cnxtgnp.sys --> c:\windows\system32\drivers\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\drivers\cnxtgnw.sys --> c:\windows\system32\drivers\CnxTgNW.sys [?]
S3 PCDRDRV;Pcdr CPU Helper Driver;c:\windows\system32\drivers\pcdrdrv.sys --> c:\windows\system32\drivers\PCDRDRV.sys [?]

=============== Created Last 30 ================

2009-01-05 17:17 <DIR> --d----- c:\program files\ThreatExpert Memory Scanner
2009-01-05 16:48 <DIR> a-dshr-- C:\cmdcons
2009-01-05 16:31 161,792 a------- c:\windows\SWREG.exe
2009-01-05 16:31 98,816 a------- c:\windows\sed.exe
2009-01-05 12:41 <DIR> --dsh--- c:\windows\ftpcache
2009-01-04 13:50 <DIR> --d----- c:\program files\common files\SWF Studio
2009-01-02 17:18 <DIR> --d----- c:\windows\pss
2008-12-29 20:01 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-12-29 19:49 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-23 11:12 <DIR> --d----- c:\windows\system32\scripting
2008-12-23 11:12 <DIR> --d----- c:\windows\l2schemas
2008-12-23 11:12 <DIR> --d----- c:\windows\system32\en
2008-12-23 10:44 <DIR> --d----- c:\windows\network diagnostic
2008-12-23 00:17 157,184 -------- c:\windows\system32\dllcache\wmidx.dll
2008-12-23 00:16 1,148 -------- c:\windows\system32\dllcache\snd.htm
2008-12-23 00:15 412,160 -------- c:\windows\system32\photometadatahandler.dll
2008-12-23 00:14 76,800 -------- c:\windows\system32\msshavmsg.dll
2008-12-23 00:13 262,144 -------- c:\windows\system32\dllcache\mpg4ds32.ax
2008-12-23 00:12 10,752 -------- c:\windows\system32\smtpapi.dll
2008-12-23 00:12 9,728 -------- c:\windows\system32\rwnh.dll
2008-12-23 00:12 974 -------- c:\windows\system32\pid.inf
2008-12-23 00:10 381,425 -------- c:\windows\system32\dllcache\copycd.wmv
2008-12-23 00:09 136,192 -------- c:\windows\system32\aaclient.dll
2008-12-22 23:46 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-22 19:59 <DIR> --d----- c:\program files\SymNetDrv
2008-12-22 19:35 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2008-12-22 18:52 138,496 -------- c:\windows\system32\dllcache\afd.sys
2008-12-22 18:51 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-12-22 18:50 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2008-12-22 18:50 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-22 18:50 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2008-12-22 18:49 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2008-12-22 18:49 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-22 18:49 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-22 18:48 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-22 18:48 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-22 18:48 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-12-22 18:44 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-12-22 18:43 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-22 18:43 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-22 18:43 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-22 18:43 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-22 18:43 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2008-12-22 18:40 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2008-12-22 18:40 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-22 18:39 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2008-12-22 18:38 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-12-22 18:38 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-12-22 18:33 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-12-22 15:24 <DIR> --d----- c:\program files\Norton AntiVirus
2008-12-22 15:23 124,016 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-22 15:23 91,904 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-22 13:48 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-22 08:08 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-22 08:08 208,744 a------- c:\windows\system32\muweb.dll
2008-12-22 08:08 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-21 19:51 <DIR> --d----- c:\program files\common files\xing shared
2008-12-20 13:57 <DIR> --d-h--- c:\windows\msdownld.tmp
2008-12-20 13:43 <DIR> --d-h--- c:\windows\$hf_mig$
2008-12-19 16:27 221,184 a------- c:\windows\system32\wmpns.dll
2008-12-19 16:18 <DIR> --d----- c:\windows\peernet
2008-12-19 16:18 <DIR> --d----- c:\windows\provisioning
2008-12-19 16:04 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-19 15:37 26,488 a------- c:\windows\system32\spupdsvc.exe
2008-12-19 15:20 <DIR> --d----- c:\windows\EHome
2008-12-12 14:05 33 a------- c:\windows\Multimedia manager.INI

==================== Find3M ====================

2008-12-23 11:29 87,295 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-21 19:42 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-21 19:42 499,712 a------- c:\windows\system32\msvcp71.dll
2008-12-13 12:10 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-11-13 11:02 116,480 a------- c:\windows\system32\ccfgn.dll
2008-11-02 12:06 16,421 a------- c:\documents and settings\ramnath\Start Menu.zip
2008-10-23 18:06 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 18:06 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 18:41 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 12:36 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 12:34 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-11 20:58 112,969 a------- c:\windows\hpoins07.dat

============= FINISH: 23:02:09.79 ===============

A: [SOLVED] unable to remove Trojan Horse ccfgn.dll

BUMP, please.


AVG is saying that it infects various processes, if I search in my System32 folder for *.bmp I find the infected file, the name is a string of seemingly random letters and numbers which I can post here if necessary, after AVG healed the first file I looked through System 32 and another infected file showed up, this time it is named Trojan horse Agent.AADP, under that it says Detected an open.
the filename is ...system32\blphc97cj0e973.scr
in this case the process name is Explorer.EXE process ID 2336. (it has previously been detected in Spybot as well.)

The virus is slowing my computer down, reappearing after every attempt I've made to clean or otherwise remove it, and it seems to be trying to modify system files, although it appears COMODO firewall pro has blocked those attempts, at least for the time being.

A: Unable to remove Trojan horse Generic_c.VCZ

Bump, please.


I have this software called SWF Sound Automation Tool. Whenever I use Windows Movie Maker, when I click on an audio file, something pops up saying Windows wants to configure SWF Sound Automation Tool, and then it pops up some kind of error saying cannot write value to key etc., and I need to do cancel on the pop-up and sometimes it hangs. Then my Norton protection will pop up saying it blocks a trojan horse.
I tried to delete the software from Control Panel - Remove Software, it doesn't work, then I did regedit and deleted the entry in the uninstall area, however the Control Panel area still shows this software but it does not give a Remove button there anymore. However the problem still exists and hangs my Movie Maker! And I have nowhere to delete anything anymore, why this stupid software never goes away!
Please help! I attached HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 10:23:20 PM, on 1/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\W...

A: Unable to remove a software (or is it trojan horse)?

First of all get rid of Symantec Norton and get a proper antivirus.


For some time now AVG (version 9.0) has been detecting and removing viruses, but more recently my laptop has acquired the above Trojan Horse. AVG detects it but I am unable to remove it as it says the infected files are inaccessible. The main problems we have been having are being re-directed to other sites when trying to go to results of Google searches and also new windows being launched to random websites when already online. However, I believe that other symptoms now include being unable to view Adobe Acrobat files and images not being displayed (e.g. adverts).

I have run Malwarebytes Antimalware and Trend Micro's Housecall but neither picked up the Trojan Horse let alone were able to remove it. I have a HijackThis file if this would be useful to you.

I would appreciate any help you are able to give me as I feel the Trojan Horse is eating away at my laptop and I need to act before it is too late. Many thanks in advance.

A: Unable to remove Trojan Horse Adload_r.AKC

Hello,
Please follow the instructions in ==>This Guide<==.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.


My computer has been unstable since the trojan horse appeared, my Norton AntiVirus is facing an internal program error, WinPatrol is crashing and setup.exe using the temp folder is force terminated without any reason, my Task Manager has been disabled by the trojan (but I was able to fix it using Trojan Hunter)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:33 PM, on 20/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Emp...

A: 3 Trojan Horse Found - Unable To Remove

Hello!
You are infected!
Smitfraudfix can not be used on a Vista machine, so we have to work this out without using it.
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program.
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

IMPORTANT: Do not open any o...


Hello, hoping someone can help me with this.

I am unable to remove the trojan horse as stated above. I can't seem to find the istsvc.exe which some sites suggested and therefore have been unable to remove it.

Here's my HijackThis log.

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 16:44:51, on 26/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Windows\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:999
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compa...

A: Unable to remove trojan horse Downloader.Istbar.5.AQ

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Reboot into Safe Mode (hit F8 key until ...


I downloaded a pdf writing tool from 'ehow' website a couple of weeks ago. Nothing noticeable has really happened apart from AVG resident shield yesterday warned me that I had an infection and that it couldn't fix the problem.

When I tried to remove the trojan AVG said 'action stopped by user'.

The file is "Trojan horse Generic26.BUQF";"C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe";"Infected";"21/01/2012, 02:49:26";"file";"C:\Windows\System32\svchost.exe"

My avg history shows the following logs from after I downloaded the programme:

"Trojan horse Generic26.BUQF";"C:\Users\David McKinnon\AppData\Local\Temp\oop6l14i.tmp\PDFConverterSetup.exe";"Moved to Virus Vault";"20/01/2012, 12:02:23";"file";"C:\Program Files\Safari\Safari.exe"

"Trojan horse Generic26.BUQF";"C:\Users\David McKinnon\AppData\Local\Temp\oop6l14i.tmp\PDFConverterSetup.exe";"Infected";"20/01/2012, 12:02:57";"file";"C:\Program Files\Safari\Safari.exe"

"Trojan horse Generic26.BUQF";"C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe";"Moved to Virus Vault";"21/01/2012, 02:48:32";"file";"C:\Windows\System32\svchost.exe"

I also noted it said process svchost process id 1024 on the resident shield alert.

On the resident shield log it ...

A: Unable to remove Generic26.BUQF trojan horse

bump please

many thanks in advance


I am new to forums so I hope I am posting this in the correct place.
Thank you for your reply Chauffer2.

To recap, I have a file ccfgn.dll in my system32 folder and can't remove it. I have tried turning off system restore, booting in safe mode and deleting it using the cmd command but I still can't remove it.

AVG, Spybot, AdAware and Malwarebytes are all unable to remove it and although AVG is aware of it and requests a reboot to complete deletion, the blooming thing is still there!

I have followed the 5 requested steps apart from installing E-Spyad as I thought that it might conflict with Zone Alarm.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:27, on 01/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Com...

A: Can't remove ccfgn.dll

Quote:
I have followed the 5 requested steps

Hi -

Then, we should see here a log from Panda ActiveScan and a set of logs from Deckard's System Scanner.

HijackThis alone is frequently not enough to begin an analysis these days.

Please perform an online scan with Panda (Step 2), and post that log along with logs from DSS (Step 5)

http://www.techsupportforum.com/secu...oval-help.html

Also....please do this:

Please go to: VirusTotal
On the page you'll find a "Browse" button.
Next to the browse button you'll see a box to enter text.
Please copy/paste the following in BOLD:

C:\WINDOWS\system32\ccfgn.dll

Then click the "Send File" button just below.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply.


I recently updated and ran AVG 6.0 and it came up with 2 viruses. One was able to be "healed" but the other, it says, is non-removable.

It is listed as:
Trojan horse Downloader.Presario.A
and is in:
C:\WINDOWS\SYSTEM32\msCMTsrvc.exe

Can anyone tell me how I can remove it? (and what it might be doing to my machine!)?

Thanks!
 

A: [Solved]Help! Trojan horse--can't remove!!!


I've got a NAS (LinkStation) infected with the Bla trojan. I've never encountered a virus on these things so I'm not sure how to remove viruses from it. Is it as simple as having Norton scan the folders on it and deleting the entries? I read on Symantec's site that the Bla trojan can modify the registry. Does that part apply to a NAS?

TIA
 

A: Solved: How do I remove Bla trojan horse


About every 20 mins. or so, my AVG virus scanner detects Trojans/Viruses named Generic10.SVU, Generic10.ABYM, worm/vb.abd, generic10.osz, sheur.blml, generic7.mpa, delf.buu. AVG says that these trojans/viruses are found in C:\windows\svchost.exe I've scanned my computer and deleted them about 3 times now but they just keep coming back (tried in safe mode too). I copy pasted my HJT log below. Please take a look and help me resolve this problem. Thanks.

----------
Logfile of HijackThis v1.99.1
Scan saved at 10:29:52 AM, on 28/05/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\00THotkey.exe
...

A: Solved: Trojan horse virus won't remove (hjt included)


Hi Techguyz,

I am suffering with Downloader.Generic2.AHR Trojan Virus. I saw some threads and downloaded HijackThis software. Here I am posting my log file. Please tell me how I can remove this Trojan.
---------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:25:04 AM, on 6/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft...

A:Solved: Need help to Remove Downloader.Generic2.AHR Trojan Horse

RELEVANCY SCORE 68

Hi

I am using a Dell laptop with Windows XP OS and Norton Internet Security 2005.

Recently, on May 23rd, a Trojan Horse virus attacked my system. I tried all the suggested methods from Norton.

After I ran a full scan, Norton found the Trojan Horse virus in c:\WINDOWS\system32\vturoom.dll

but it's not removing the virus... I came to know it cannot.

I searched the registry for the file vturoom.dll, and it is displaying a few keys... Even after deleting the subkeys, no luck.

Really appreciate any help in this regard.
 

A:Solved: Trojan horse attacked in to Win XP system..Not able to remove

RELEVANCY SCORE 68

Hey my first post in here

Today one of my friends sent me a message with a link and it was something like this: "lol look at this uglyphotos.PDF". I downloaded the file, which was a big mistake. The file was a virus and I scanned my computer immediately with AVG. I found out it was a "Trojan Horse Downloader Generic2.OHA". I wasn't able to remove it correctly, so I hope you are able to help/guide me.

Logfile of HijackThis v1.99.1
Scan saved at 21:07:51, on 17-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Programmer\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\PrintView\pvmodule.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\{BC862481-05FB-1030-0519-05043002002d}\Update.exe
C:\Documents and Settings\stisen\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\S...

A:Solved: How do i remove Trojan Horse Downloader Generic2.OHA

RELEVANCY SCORE 65.6

Hi: This Acer 5040 laptop has had a broken screen and has not been in use since Feb 08. After I acquired it and repaired it, I found a Trojan virus with AVG Free. AVG Free found it and moved it to the vault and required a restart, but the infection was still there. After much trying, I found that this is a difficult thing to remove and have turned to the experts to help me solve this. I have attached the logs as requested in the instructions for a new post.


DDS (Ver_09-02-01.01) - FAT32x86
Run by Cuddy at 11:00:40.29 on 2009-03-09
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.374 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx....

A:ccfgn.dll trojan removal help needed

Hello and welcome to TSF.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

RELEVANCY SCORE 65.6

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple of notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know, the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't (that is, until you scanned with their program and it would take control of your computer at the worst of times). The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried. Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was too late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error (0x8000ffff). It wou...

A:HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

RELEVANCY SCORE 63.2

I started getting a Norton virus alert for Trojan.Vundo...unable to fix remove etc using Norton. Tried fixvundo but states I don't have the virus...but that Norton box won't stop...Help please..new computer using xp
 

A:Solved: Trojan.Vundo unable to remove...

RELEVANCY SCORE 63.2

Norton AntiVirus tells me that I have the virus "Trojan.Vundo" in the file name C:\WINNT\System32awvvt.dll. Next to "Action Taken" it says "unable to repair this file." After clicking OK, next to "Action Taken" it says "Access to the file was denied." If I click OK again, it changes between the 2 messages.
I downloaded the removal tool from Symantec, but the tool said the virus was not found on my computer.
Is there anything I can do before I have everything on my computer deleted then reloaded?

Thanx in advance for any suggestions you might have.
Kjeirstin
Here is my HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:42:06 PM, on 10/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NP...

A:Solved: Unable to remove Trojan.Vundo

RELEVANCY SCORE 63.2

Hi there

My laptop is infected with Trojan Vundo, I keep getting popups. I have tried many attempts to remove it as suggested by David and Cheeseball in this forum but I am still facing the problem.
Here is the log of hijack this , please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:31 AM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\...

A:Solved: Trojan Vundo unable to remove

RELEVANCY SCORE 62.8

Please help!!

My computer is infected with Trojan Horses. There are 3 of them, Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are always in the Temporary Internet Files directory and the windows\system32 directory.

I have AVG, Spybot, Ad-aware, awido antispyware, windows defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use it.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr....

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS

RELEVANCY SCORE 62.4

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...

RELEVANCY SCORE 62.4

hi neither norton antivirus or ad-aware can remove this... can anyone help?
thanks heaps
jo
Logfile of HijackThis v1.99.1
Scan saved at 7:15:38 PM, on 21/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = re...

A:Solved: Unable to remove trojan.startpage.m / hjt log attached

RELEVANCY SCORE 61.6

Hello. I have a Windows XP, as well as a nasty Virus- Trojan.Vundo.

I have tried using the Norton removal tool, yet with no result. I really need help with this, because I followed the instructions properly, yet the virus was able to still take over my computer.

This is what I wrote to a Symantec Representative, and still I would like to share this information here, because he did not provide me with any exact info on how to deal with my problem:

I am having a lot of trouble with my current virus- Trojan.Vundo, which your removal tool does not exactly remove.

I have tried using your removal tool over, and over again in safe mode while System Restore was off. It found the infected areas all the time and terminated it. (iexplorer and explorer)

Then, when working on the computer normally after system restore enabled, the problem still existed.

ROOT OF THE PROBLEM:

Today, I attempted to work with the removal tool once again. I did, it terminated the processes Iexplorer and explorer in safe mode while system restore was disabled. Then, I ran a Norton quick scan, found the infected registry keys and deleted them.

After all of that, I restarted my computer in normal mode and it started acting very strange. My desktops icons turned blue after right clicking on the IE icon. Feeling that this is not right, I restarted my computer. [Please click the link to see what I mean about the icons.]

Then, my wallpaper was gone, icons still blue arranged in different order, it asked me...

A:Solved: Unable to remove Trojan.Vundo even with removal tool.

RELEVANCY SCORE 61.2

I have a trojan horse warning pop up whenever I surf the web and Norton can not remove the file. Whenever I get that I do a system restore to an earlier date, but occasionally it still pops up every so often again while surfing. Please help me remove this trojan if it's seen in my Hijack This log seen below. I'm not sure how serious this trojan is, but I would like it to be removed without doing a fresh reinstall. Please help thanks. Norton usually finds the file in my content.ie5 temporary folder and says it's unable to remove it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:26 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program...

A:Trojan Horse Seen By Norton Unable To Remove

Hello DoubleJ29,

I see Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player

If you uninstalled, please navigate to and delete the following folders
C:\Program Files\Viewpoint

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan...

RELEVANCY SCORE 61.2

I have tried AVG and spybot defender but it won't get rid of this nasty virus. It won't let me google anything to find a solution. I need help, pleaseeeeeeee.

A:how do I remove this trojan called trojan horse agent2.ONU

Welcome to BC

Let's start out with Mbam

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Res...

RELEVANCY SCORE 60

how can I remove trojan horse smal.fth from my laptop

A:how to remove trojan horse

  samymaarten.
 
My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================
Run Farbar Recovery Scan Tool
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
right click to run as administrator (XP users click run after receipt of Windows Security Warning - ...

RELEVANCY SCORE 60

how do I remove trojan horse?

A:help how do i remove trojan horse :-(

Have you tried using an Anti-Trojan application? Something along the lines of BOClean, Trojan Defence Suite, Trojan Hunter, etc.

I know off hand that both TDS and TH have free trial versions offered.

RELEVANCY SCORE 60

C:\Program Files\BACKUP\inst.exe is infected with Trojan Horse
what is this ? hahaz
 

A:what is this ?? how to remove ? trojan horse

Logfile of HijackThis v1.99.1
Scan saved at 11:10:54 PM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\nus\vpn\installservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\SVOHOST.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zhe Heng\Desktop\HijackThis.exe
C:\Documents and Settings\Zhe Heng\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,St...

RELEVANCY SCORE 60

Hi,

I am running AVG and I have it minimized now. It was like 5 threats of trojan horses. It has not stopped, still scanning. What should I do? Please help me, don't let it get in my system..
 

A:Please help me remove a trojan horse???

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

RELEVANCY SCORE 60

I have a trojan horse bho.x which I am unable to remove with any programs I have used, like Ad-Aware, Spyware Stop, Kaspersky, McAfee, you name it.

The location of the trojan is: C:\windows\system32\iprtrmg.dll

You will see the trojan in the 5th line of the O2 section.

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:48, on 29/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\ePM\EPM-DM.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C...

RELEVANCY SCORE 59.2

I have an Acer Aspire 5720 operating Vista and have detected trojan horse fakealert.nz as a desktop icon and pop ups threat c:/programdata/25501215/25501215.exe
I am with AVG and they are refusing to help. Does anyone have a step by step guide to removal, as this is my dad's pc?

help please!!!!
 

A:how to remove trojan horse fakealert.nz

Welcome to TSG

Sorry for the delay.

Do you still require assistance?
 

RELEVANCY SCORE 59.2

Hello, I'm having issues with Trojan Horse Generic29.GJG. Computer is very slow. I ran AVG and the problem is C:\Windows\system32\svchost.exe (992):\memory_001a0000 Different times I conduct the scan the 992 changes to another number. Anyone had luck removing it? Any help would be appreciated. Thank you.

A:Trojan Horse Generic29.GJG / What do I do to remove it?

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 59.2

please can someone help me

Logfile of HijackThis v1.98.2
Scan saved at 9:27:39 PM, on 10/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\WINDOWS\webshots.scr
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://crackspider.net/ie/sbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com
R1 - HKLM\Software\Microsoft\Internet Explore...

RELEVANCY SCORE 59.2

Seems to be making my homepage a porn site and will not let me change it.

Appeared to happen directly after visiting a site called Gimmicks & Dooberries!!

Tried AVG to remove it but says it cannot be removed and I am still affected.

What can I do?

PauL
 

A:Cannot Remove: Trojan Horse.Small.5.AI

RELEVANCY SCORE 59.2

//Mod edit: Split from post here > http://www.bleepingcomputer.com/forums/ind...mp;#entry423379

Ya I did everything in that link you gave me, and here's the Hijack This scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:49:23 PM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox...

A:Infected With Trojan Horse, Don't know how to remove

Hello DKP, I am SifuMike and I will be helping you.

Please download CWShredder, from one of the following sites.
http://www.trendmicro.com/ftp/products/onl.../cwshredder.exe
http://www.majorgeeks.com/CWShredder_d3019.html
http://intermute.com/spysubtract/cwshredder_download.html

First, be sure to update CWShredder.
Then close every window, disconnect from Internet and doubleclick the CWShredder icon on your Desktop.
Click Fix and then Next, let it fix everything it asks about.
Then, please reboot.

Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

RELEVANCY SCORE 59.2

Hi,
 
Initially posted this on wrong board, link to that post which contains an FRST log below:
 
http://www.bleepingcomputer.com/forums/t/495425/trojan-horse-generic29ajge-help/#entry3057359
 
So following advice given I've started at step 6 and below and attached are logs from running DDS...
 
DDS Notepad
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by Nick at 21:06:48 on 2013-05-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.7990.5444 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1...

A:Trojan Horse Generic29ajge - need help to remove!

Hello smudger78

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same...

RELEVANCY SCORE 59.2

Hey, I'm new to this so sorry if I post anything wrong,

I found out today that I had vundo today and I looked around the net for something to help remove it,
I found vundofix but it didn't detect anything yet AVG did,
Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 18:35:54, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Pr...

A:Trojan Horse Vundo.G Cant remove

Bump
 

RELEVANCY SCORE 59.2

I'm using Windows XP and I'm running AVG for anti virus. AVG can detect it but can't remove it. What would be the best way.. somebody please help
 

A:trojan horse dialer.9.be AVG cant remove

Does AVG give a location of the trojan? Also, what is your OS?
 

RELEVANCY SCORE 59.2

Trying to open more than one IE window will cause my PC to freeze up. Certain web pages will not open. My anti-virus AVG found a virus I'm unable to delete. I have Windows XP but no access to a Windows Install disc, or a Boot CD. I have attempted deleting virus using online virus software without success.

The following is from AVG virus found:
C:\system volume information\microsoft\smss.exe
Trojan Horse Generic 18.RUJ detected open
Process name:C\windows\system32\winlogin.exe
Process ID:608



DDS (Ver_10-03-17.01) - NTFSx86
Run by Steven at 18:38:27.35 on Sun 07/04/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1229 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wirele...

A:Remove Trojan Generic Horse

Welcome to TSF :)

What is the location of the virus AVG keeps detecting?

RELEVANCY SCORE 59.2

Hi, please help
I scan my computer with AVG anti virus and it found trojan horse dialer which couldn't be healed, is there any removal tool or any easy way to remove this??
Thanks everybody

A:Help, How Can I Remove Trojan Horse Dialer?

Try running AVG in Safe Mode.
How to start Windows in Safe Mode

If that doesn't help, run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Also this online Trojan scanner:
TrojanScan

Are you using these basic security programs? (They're all free.)

a² free - a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. a² fills this gap.
ewido security suite - offers protection against urgently growing threats like Trojans, Worms, Dialers, Hijackers, Spyware and Keyloggers.
Ad-Aware - A good program similar to SpyBot S & D.
Spybot S&D - Detects and removes spyware, of different types, from your computer.
Spywareblaster - A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad active X controls found in web pages.
SpywareGuard - A nice complement to SpywareBlaster. This allows you the option to prevent downloads that contain bad active X controls.

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...
Download them, update them, and then run them.

When installing ewido security suite, under Additional Options uncheck:
Install background guard...

RELEVANCY SCORE 59.2

Hello,

Thanks in advance for your time. I don't know how this happened, but my computer suddenly restarted itself one day so I ran a full Malwarebytes scan. It showed the following results:

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3080 -> No action taken.

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

I've tried running Malwarebytes in safe mode but it hasn't removed the trojan.

Here is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:58:18 PM, on 2/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
F:\Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index.php?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.skyhillkids.com/mm/hd_providersearch.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R...

A:Can't remove a trojan horse (svchost.exe)

RELEVANCY SCORE 59.2

AVG Free found trojan horse psw.onlinegames3.isi.
WinXP home, SP3, IE8.
Don't know what else to post.
How do I remove it? thanks
 

RELEVANCY SCORE 59.2

All of a sudden I got this shield in the small icons menu that never been there before, trying to scare me into buying some bogus antivirus software by continually opening pop up windows. I restarted the computer in safe mode and ran malwarebytes and AVG. Malwarebytes showed 12 infections!! and AVG also showed SEVERAL infections. All were removed except for a couple that had to be removed by restarting the computer. Fortunately, it did get rid of the blue shield icon and the pop ups but I ran AVG again & it showed Trojan Horse Sheur2, which I have read is not easy to get rid of as it has a host of other viruses with it. I can't get rid of this thing for nothin! The main problem I continue to have is every time I google something and click on a link, I get redirected to these trash websites over and over again. Periodically I can get to the website I intended to go to but this is still a problem - also, my computer will shut off from time to time without warning!

Can anyone please give some step-by-step advice on how to get rid of this thing?

Best Regards.

A:How Do I Remove Trojan Horse Sheur2

Please post the results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, res...

RELEVANCY SCORE 59.2

AVG Free Antivirus 8.0 detected this TJ in my computer. I need a removal tool for it.

RELEVANCY SCORE 59.2

AVG Free discovered trojan horse psw.onlinegames3.isi
I have winxp home edition, sp3, IE8.
Don't know what else to post.
How do I remove it. thanks

A:How to remove trojan horse psw.onlinegames3.isi

Hello and welcome to Bleeping Computer.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes

Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process...

RELEVANCY SCORE 59.2

I have run AVG and Malwarebytes. Neither have been able to remove this Trojan. I have tried deleting the file C:\WINDOWS32\ciod.dll and it reappears almost instantly. Something is obviously rewriting this file, I just don't know where it's coming from. Any help is greatly appreciated. (FYI... I have nothing on this machine that needs to be backed up, it is mainly to allow guests internet access.)
Attached is a copy of my HIJACK THIS log:

A:Help remove Trojan Horse Agent 4.0

Howdy, my name is Hoov, and I will be helping you with your dilemma. I apologize for the delay in getting you help.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer
*Tell me everything that you have done, if anything, to try and fix this problem.
*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.
*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.
*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.
*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, f...
