Over 1 million tech questions and answers.

MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

Q: MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

Noticed this morning that Microsoft Security Essentials real-time protection was turned off and that I could not get it to turn back on. Also could not get windows update to run. Went to Services and tried disabling and then enabling windows installer. Also tried uninstalling and reinstalling MSE, but still the same problem.

Next ran MBAM full scan and found the first Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader. Clicked remove selected and let it reboot. MBAM log created below. Ran MBAM (quick scan this time) again and found Trojan.Lameshield.124. About to hit "remove selected" and reboot. Will post log after reboot.

I have backup drives that I use (2.5" USB drives). Should I scan those as well (at same time)? Thank you for any help!!!

MBAM log attached. Ran DDS but didn't see any option to save the log. Will figure that out and post after reboot. EDIT: rebooted, and reran DDS. The program ran, but then shut down without allowing me to save a log. Any ideas to get more information about my issue?

I run Windows Vista 32-bit. Dell Inspiron E1505 (5 years old). I run MSE and windows firewall (firewall still active as far as I can tell). Removed other malware before reinstalling MSE and followed procedures on microsoft articles about reinstalling MSE.
mbam-log-2012-12-29 (15-25-09).txt 5.9KB
3 downloads

mbam-log-2012-12-29 (18-25-47).txt 2.05KB
2 downloads

RELEVANCY SCORE 200
Preferred Solution: MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

Hello there, iseeker I'm Conspire, I'll be glad to help you with your computer problems.Please observe these rules while we work:Read the entire procedureIt is important to perform ALL actions in sequence.If you don't know, stop and ask! Don't keep going on.Please reply to this thread. Do not start a new topic.Stick with me till you're given the all clear.Remember, absence of symptoms does not mean the infection is all gone.Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

Read other 16 answers
RELEVANCY SCORE 172.4

HI - My other computer is now infected. I ran MBAM in safe mode and got this:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.05.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC110658 [administrator]

9/5/2012 3:04:53 PM
mbam-log-2012-09-05 (16-11-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407178
Time elapsed: 33 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SonyAgent (Trojan.LameShield) -> Data: C:\Windows\Temp\temp93.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|sqlldlpl (Trojan.LameShield) -> Data: C:\Users\Owner\AppData\Local\sqlldlpl.exe -> No action taken.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> ... Read more

A:Trojan.LameShield, Trojan.0Access, Heuristics.Shuriken, Rootkit.0Access.64

Hello mattsbach, ! Welcome to BleepingComputer Forums! My name is Georgi and and I will be helping you with your computer problems. Before we begin, please note the following:I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used be the attacker for malicious purposes. Rootkits are used be Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Win... Read more

Read other 35 answers
RELEVANCY SCORE 147.6

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but lets take a look and see what we find.Sorry for the delay, please do the following...ComboFix Please ownload ComboFix from Here or Here* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

Read other 12 answers
RELEVANCY SCORE 146.8

Hello,
 
I am pretty sure my computer has caught the virus.  It goes to the blue screen of death after a minute or 2 and then reboots.  At least when I bootup in Safemode with networking it behaves OK.  In the task manager I can see the following process that I don't recognize:
 
svchost.exe with description winrscmde. Properties of that process says that this file was created today and is located in C:\Windows.
 
In the Event viewer I see the following bugcheck error message:
 
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002efd0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031713-43953-01.
 
I haven't removed the virus or anything using Malwarebytes yet. Just wondering what I should do next.
 
Thanks.

A:Malware bytes detected Trojan.Agent, Trojan.BHO, Rootkit.0Access and PUP.IBryte

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters


Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue


Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see hereDouble click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create MBR.dat fil... Read more

Read other 17 answers
RELEVANCY SCORE 132.8

Good Morning
 
I noticed my PC running a lot slower than usual so ran a scan using Malwarebytes.  It came up with various things including the 2 Trojans listed.
 
I'm running Windows XP SP3 with all the latest windows updates.  I've noticed more spam emails lately with zip files attached. I always delete these straight away but it is possible my son may have unknowingly opened one of the zip files.
 
I've run the dds scan and attached the requested files.
 
Looking forward to your assistance.
 
thankyou
 
Lyn
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Lyn at 10:20:52 on 2013-09-02
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.946 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:... Read more

A:Trojan.LameShield and Trojan.Agent.RVGen0X

Just an update.  I also have the following showing in the Malwarebytes scan;
 
PUP.Datamngr
PUP Optional.DataMngr
Adware.GameVance
PUP.Optional.TopArcadeHits.A
 
None of these were prompted to be removed in the scan results, so I haven't as yet.  I am also getting pop ups now.  Any help would be greatly appreciated.
 
thanks
 
Lyn.  

Read other 46 answers
RELEVANCY SCORE 130.4

It started on or about July 22. First we had popups circumventing our popup blocker. Then I noticed that there was an active connection listed in our firewall connection list that was called "??ool32\??crosoft.Our server had been down for almost a week because of an electrical storm, and we got a new modem with the fix from the broadband carrier. Our sercurity system may also have been down at the same time, but when we did a scan after getting our internet back, there was nothing found. After doing all of the steps recommended before doing the hijack this scan, we were told that we had all of the problems listed in the title of this post, and the House Doctor scan also said that there was an infection which couldn't be quarantined located in D:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-...\A0015881.DLL. The last 3 scans done using the same suggested programs have come back clean. During the last week the computer has begun to freeze and move very slowly. The firewall has also come up with warnings that ??ool32 has been attempting to connect with the internet, but has been blocked...so it is obviously still there. My Hijackthis logfile follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:36 PM, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32&#... Read more

A:W32/backdoor.kzk, Trojan.downloader.purityscan, Java.trojan.exploit.bytverify, Trojan.clicker.vb.dw

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Ewido Anti-spyware and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.Once the setup is complete you will need run ewido and update the definition files.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.Once in the Settings screen click on "Recommended actions" and then select "Quarantine".Under "Reports"Select "Automatically generate report after every scan"Un-Select "Only if threats were found"Close Ewido anti-spyware. Do not run a scan just yet. We will shortly.Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Clean out your Temporary Internet filesClose Internet Explorer and close any instances of Windows Explorer.Click Start -> Control Panel and then double-click Internet Options.On the General tab, click Delete Files under Tem... Read more

Read other 10 answers
RELEVANCY SCORE 130

I am running Microsoft Security Essentials, Malwarebytes' Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by akparker at 19:54:02 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1066 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e... Read more

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 18 answers
RELEVANCY SCORE 130

Good Evening,

The problem started happening yesterday an employee came to me saying that eset was deleting his files off the network share which is connected to the server on a seperate partition. When I looked on his computer all the .docx files were changed over to .exe files eset keeps saying the files are infected with a w32/Pronny.JG.worm. I immediatly disconnected access to the network shares by disconnecting them. After network shares were disconnected I ran a scan with malwarebytes I can post the log file if you would like it found Trojan.ZbotR.Gen, Trojan.0Access, Rootkit.0Access, a lot of the files were loaded in the user directory of the employee they said 2pom/exe, passwords.exe, pron.exe, runme.exe, secret.exe, sexy.exe. I removed all files rebooted. Computer came up everything looked good check taskmgr there were still items running in the process I believe I check msconfig items were still checked. Unchecked all the items. Ran combofix I can post the log file later as well if you request it. Computer rebooted seemed like everything was working fine nice and fast nothing running in the background nothing in the user folder. Plugged setup map drive to network share same exact problem same exact files infected. Well by this time it was late in the evening went to sleep thinking the issue was isolated and only one pc was infected. After 9:30 this morning 2 more pcs became infected from access the network share. I think I'm getting out of my expertise in dealin... Read more

A:Infected With Trojan.ZbotR.Gen, Trojan.0Access, Rootkit.0Access

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/478489 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 128

I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:Trojan.Dropper/SVCHost-FakeC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXEC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXETrojan.Agent/Gen-FakeAlertC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXEC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXEMicrosoft Security Essentials pops up during the scan with the following infection:Trojan Downloader: Win32/Unruy.D C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide. DDS (Ver_10-03-17.01) - NTFSx86 Run by Phillips at 14:21:21.10 on Tue 05/25/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]AV: Microsoft Security Essentials *... Read more

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 19 answers
RELEVANCY SCORE 126.8

Hello, my computer was running slow, so I did a quick MBAM scan which revealed 2 results:
-0.4267402257311502.exe (Exploit.Drop.2)
-winword.doc (Trojan.Agent)

I restarted the computer and had MBAM delete the files. Following this a second scan did not return any infected files.

Do I need to do anything else to ensure I am no longer infected?

Any help would be appreciated. Thanks in advance!

A:Possibly infected with Exploit.Drop.2 / Trojan.Agent

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Document... Read more

Read other 18 answers
RELEVANCY SCORE 125.2

Hi Mike !

Don't know what happend !! My windows starts normally, after selecting the user, it dispalys ' loading personal settings'.. After that getting an error ' userint.exe application error' . Reference memory problem. Then it shows my desktop without any Task bar/Status bar and all the icons on my desktop are not displayed. i am accessing the explorer through Task manager using Ctrl+Alt+Del ..

Let me know whether this is an virus infection or some problem with windows registry.
thanks
clement

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BCThe process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj... Read more

Read other 4 answers
RELEVANCY SCORE 124.8

Hello,

I would be very thankful if you could help me cleanup my laptop . Since 2 days I have been experiencing problems everytime I log in into websites, especially facebook's. I get a sign that says that internet explorer has blocked that website and when I want to log in into facebook, I encounter a sign that says that the website's certificate has expires and whether I would like to proceed.

I have run the anti-malware software 3 times but without success . This is the first report I got using the quick function during normal mode:

-------------- PLEASE DONT SPENT ATTENTION TO THE DATE, I DIDNT REALIZED THAT IT WAS SET UP TO A DIFF. DATE.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GLV [administrator]

Protection: Enabled

6/14/2012 8:37:18 AM
mbam-log-2012-06-14 (08-37-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228445
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No ... Read more

A:Infected with PUB.BundleInstaller, Trojan.Dropper.PE4, Rootkit.0Access, and Trojan Backdor

I would like to add that this problem came around the same time that I started using the free quebles offered by hotmail.

Read other 35 answers
RELEVANCY SCORE 124

hi, I have a possible Rootkit Zero access virus that Malwarebytes is picking up as rootkit.0access It's also picking up a trojan.small and trojan.sifef . Malwarebytes hasn't been able to remove them after several scans, removals and reboots. Recently I have also experienced unwanted audio playing in the background on my computer.

I have run SpyBot and Malwarebytes. but the files remain after a reboot.

As requested in the preparation guide I have done the following:

CD Emulators disabled with DeFogger
DDS has been run and the .txt file is copied below Attach file is attached
Attempted to create a GMER Log but was unsuccessful. GMER ended in a stack dump on two occasions so I quit while I think I was ahead

Thanks in advance for your help on this! I work shifts, so I may not always get back immediately following your posts
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by User at 20:48:59 on 2012-06-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3327.1760 [GMT -3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012&... Read more

A:Possible rootkit.0access / trojan.small / trojan.sifef infection

download Farbar Recovery Scan Tool and save it to a flash drive.(you need the 32bit version)Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe and press Enter Note: Replace letter e ... Read more

Read other 28 answers
RELEVANCY SCORE 124

Hi my name is Mike and I recently scanned my computer with mbam and found: Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam informing me of an infection. I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when in regular mode it does.

I have used TDSSKILLER, ccleaner, mbam so far...nothing. Mbam seems to find some files created by something else, which on deletion and restart, reappear.
At one point my buddy told me to download Microsoft Security Essentials. I did and ran a scan. The infection didn't like that and proceeded to bring up, "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now", then kept restarting. I tried many ways to figure out what was happening but then just decided to uninstall Microsoft Essentials and it stopped.

I followed steps 6-9 in the guide, attached my logs hope that helps.

I have Windows 7 Ultimate 32bit. Any help would be much ap... Read more

A:Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 22 answers
RELEVANCY SCORE 124

Hi my name is Mike and I recently scanned my computer with mbam and found: Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam informing me of an infection. I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. Any help from here on out would be much appreciated. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when not in Safe Mode it does.

I have Windows 7 32bit Ultimate

used: Mbam, tdsskiller, ccleaner.

Thank you

-Mike

A:Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 7 answers
RELEVANCY SCORE 124

Hello, I seem to have 3 files that malwarebytes is incapable of removing..and it appears as though they may be somewhat common. Any help is GREATLY appreciated.

The issues are: rootkit.0access / trojan.small / trojan.sifef(as reported by MBAM)

I have used GMER and DDS, both logs are attached.

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by owner at 17:51:54 on 2012-06-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1211 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WU... Read more

A:Cannot remove: rootkit.0access / trojan.small / trojan.sifef

download Farbar Recovery Scan Tool and save it to a flash drive.(you need the 32bit version)Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst6... Read more

Read other 14 answers
RELEVANCY SCORE 123.2

HI,I recently got infected by Antimalware Doctor on April 29, 2010 and followed all the Bleeping Computer instructions to removing the program. Everything seemed to work fine until yesterday when Mbam discovered a Rootkit Agent in my System 32 Driver folder. My browser then got re-directed and the Windows host process stops working. Now, each time I click on a link in Firefox, it gets re-directed to some ad-page. Also, from time to time, my desktop icons get re-arranged even though I disabled auto arrange...C:\Windows\system32\Drivers\jgtdmehf.sys (Avira also identified this) I scanned the computer in safe mode and Mbam said it would be quarantined after reboot. After reboot, a second scan revealed that it was still there. I then scanned using Avira and received the following note.The file could not be marked for deleting after reboot. Error description: A device attached to the system is not functioning.When i try to manually delete, i get message: Cannot read from the source file or disk.jgtdmehf.sys Date created: 4/29/2010 5:08 PM Size: 804 KB Date modified: 5/2/2010 10:10 AMThe requested security information is either unavailable or can't be displayed.I have run both spybot and rkill and neither found anything. However, from time to time, my Firefox gets re-directed to some ad page, and all of a sudden, my desktop tool bar changes colors and I get this message: Host process for windows services stopped working and was closed A problem caused... Read more

A:Trojan Rootkit Agent Cannot be removed by MBam

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 36 answers
RELEVANCY SCORE 122.8

I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malbytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not used to be there. I am getting number of random error messages, and Malbytes is sometimes deleted and I have to reinstall it. Also, random .tmp files seem to popup. Thanks in advance for any help you can provide.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jordan at 1:53:18.65 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program File... Read more

A:Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

Read other 3 answers
RELEVANCY SCORE 122.8

DDS (Ver_10-03-17.01) - NTFSx86 Run by XXXXXX at 14:07:30.08 on Mon 04/12/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1944.966 [GMT -5:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\DTS.exeC:\Windows\system32\ibmpmsvc.exeC:\Windows\system32\AtService.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\system32\conhost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC: ... Read more

A:Trojan/Trojan.Agent/Trojan.FakeAlert/Trojan.downloader

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 2 answers
RELEVANCY SCORE 122.4

Hi, a friend gave me his machine to look at as it was getting pop ups.

I couldn't run in safe mode as machine wouldn't boot.

I changed the names of malware bytes and super anti spyware as they wouldn't install.

Did the compaq windows system restore and tried again.

I ran them both, mbam found 706 entries, superanti found 698.

I then installed nod32 and it found 5 entries.

I rebooted into safe mode, ran scans again with each - mbam said clean, super anti still says,:

Trojan.Rootkit/Gen - 19 entries
Trojan.Agent/Gen - 1 entry
Trojan.Downloader-TinyProxy/Mstre8 - 1 entry

Any help on removing these would be really appreciated, many thanks.

Regards

A:Trojan.RootKit/Gen Trojan.Agent/Gen Trojan.Downloaded-TinyProxy/Mstre8

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 120.8

I started to have my web browser redirect to various spam pages. Microsoft security essentials was killed and I cannot start the service. Any help would be appreciated.

Thanks,
Adam

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by aeglap at 21:29:20 on 2012-08-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4022.2341 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:&... Read more

A:Malwarebytes reports Trojan.Dropper.BCMiner, Rootkit.0Access, and Rootkit.0Access

Please close this thread. I was planning on buying a SSD drive in the near future so I just moved it up.

Thanks,
Adam

Read other 3 answers
RELEVANCY SCORE 120.4

Hi all,
Since 2 days I have a nasty thing on my laptop with XP and it really got on my nerves. Usually I can handle the most simple stuff "with a little help from my friends" (forums), but now it looks like I need a real-time help exactly for me.

The symptoms are:
- disabled registry;
- disabled task manager;
- disabled safe-mode;
- Runtime error 6002 on Media player classic and DC++ which requires replacing the *.exe files; also, Spybot doesn't run;
- random-named *.exe files created in \local settings\temp\
- the problematic line in HiJackThis keeps reoccuring:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1.

So the other day I learnt how to re-enable the TaskMan, RegEdit and SafeMode when i need to use them.
Spyware Doctor find the detects the things from the topic name: "Trojan.Agent, Trojan-downloader.agent, Hacktool.spammer".
The thing stays. I'd be very grateful to a little help.

A:Trojan.Agent, Trojan-downloader.agent, Hacktool.spammer, nasty stuff

DDS (Ver_09-03-16.01) - NTFSx86
Run by Alexander at 16:00:39.71 on неделя 26/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1791.1190 [GMT 3:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\RAMpage\RAMpage.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\wintmlls.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\winxjcakb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ale... Read more

Read other 3 answers
RELEVANCY SCORE 120

From: Eric

I received a computer running XP Media Center Edition from a friend. Its desktop was being hidden automatically unless I told it to "show desktop". I ran SuperAntiSpyware and MBAM on it. They seemed to have removed the viruses. In preparation of this topic I ran GMER, which would not run so I ran TDSSkiller. TDSSkiller got rid of a rookit virus. What I need now is to make sure that the computer is completely clean. Here are the DDS and GMER reports.

Thank you

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by sherri cordry at 20:08:08 on 2011-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1770 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device S... Read more

A:Comp was infected with Trojan.Agent/Gen-Fake AV, Trojan.Agent/Gen-Hullo[short], Rootkit virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426646 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 26 answers
RELEVANCY SCORE 120

Hello,

I have tried many different ways to remove the infections present on my computer.
I will provide a brief history:

I use firefox (latest version) and began receiving popups constantly. Websites such as facebook or google simply wouldn't load (the page would remain on "contacting www.google.ca ..." and never load anything). Closing firefox completely and restarting it resolved the problem for a few moments, but the popups and freezing would continue.

I tried several programs and methods. MBAM identifies many risks (quick and complete scans performed) and removes most at the time of the scan, with the rest requiring a restart, which is always performed. On restart, I receive a rundll error stating that the dll name (i.e. defarewo.dll or zapezade.dll) cannot be located.

I downloaded AVG and allowed it to scan as well. While active in my task bar, upon opening firefox, one or several trojans are identified and I allow AVG to "heal", "remove" or "delete" them (there are different options depending on what is identified). Regardless, once in firefox the popups continue.

I have also attempted several protocols suggested on this website. I have started the computer in safemode with the program that suspends explorer and winlogon (the protocol states to suspend rundll32 as well, but that file is not listed on the screen). I then ran vundofix, which failed to locate it on the computer. Still in safemode I ran MBAM and several thin... Read more

A:Trojan.Vundo.H, Trojan.Agent, Rogue.Adware Alert (according to MBAM)

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

Read other 2 answers
RELEVANCY SCORE 119.6

ESET is reporting having cleaned
Win32/Agent.HNCVHWF trojan
Win32/Agent.PQGVNB trojan
Win32/Agent.IVMSRVA trojan
and a variant of Win32/TrojanDropper.Agent.OVA trojan

MBAM reports
Trojan.Dropper
Trojan.Crypt
and Adware.Casino

These are the latests reports, I have had a few others recently, and I have tried to disinfect, but I am still getting reported infections. I am also getting very slow Internet browsing, and my sons PC has trouble browsing also if my computer is switched on.

When running GMER as outlined in forum topic34773 - "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" I get a machine hang following the file scan, and cannot save to file.

Any help would be greatly appreciated.

DDS.txt file below.
-------------------

DDS (Ver_10-10-21.02) - NTFSx86
Run by Jamie at 20:33:39.16 on 25/10/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft? Windows Vista? Ultimate 6.0.6002.2.1252.44.1033.18.3326.2003 [GMT 1:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\sys... Read more

A:ESET Popups for TrojanDropper.Agent.OVE and MBAM reports Trojan.Dropper and Trojan.Crypt

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 14 answers
RELEVANCY SCORE 119.2

Hi,Could someone please help me to clean up my machine after MBAM removed Trojan.Agent and Trojan.Vundo.H? MBAM looks like it worked but suspiciously there's a file that was deleted that returned by itself.1. Removed Trojan.Agent using MBAM.Malwarebytes' Anti-Malware 1.35Database version: 1915Windows 5.1.2600 Service Pack 318/04/2009 11:27:45 PMScan type: Full Scan (C:\|)Objects scanned: 142863Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wcayulecugofu (Trojan.Agent) -> Delete on reboot.Files Infected:C:\WINDOWS\unilobakamodeta.dll (Trojan.Agent) -> Delete on reboot.2. Updated MBAMMalwarebytes' Anti-Malware 1.36Database version: 2000Windows 5.1.2600 Service Pack 318/04/2009 11:56:36 PMScan type: Quick ScanObjects scanned: 71077Time elapsed: 2 minute(s), 31 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 1Folders Infected: 0Files Infected: 1Registry Data Items Infected:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: dkblmn.dll -> Not selected for removal.Files Infected:C:\WINDOWS\dkblmn.dll (Trojan.Vundo.H) -&... Read more

A:Clean-up after MBAM removed Trojan.Agent and Trojan.Vundo.H

Hi,Sorry for the delay in responding. Please do this:Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online ScannerNote: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX componentClick Yes, when prompted to install its ActiveX component.(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)The program launches and downloads the latest definition files. Once the files are downloaded click on Next Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database:ExtendedScan Options:Scan Archives
Scan Mail Bases Click OK and, under select a target to scan, select My ComputerWhen the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report:Click on: Save Report As (above - red blinking arrow)Next, in the Save as prompt, Save in area, select: DesktopIn the File name area, use KScan, or something similarIn Save as type, click the drop arrow and select: Text file [*.txt] Then, click: Save Please post the Kaspersky... Read more

Read other 9 answers
RELEVANCY SCORE 116

My father ran the Malwarebytes Anti-Malware and found 3 viruses on my computer. Trojan.Dropper.BCMiner, Rootkit.0Access and a Rootkit.0Access.64 I need help removing them and I am not computer smart. Here is a DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Laura at 19:02:33 on 2012-10-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3996.2039 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C: ... Read more

A:Trojan.Dropper.BCMiner, Rootkit.0Access, Rootkit.0Access.64

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

Read other 3 answers
RELEVANCY SCORE 115.6

I'm at a complete loss as to how to rid my computer from these trojans. I've run Spyware Doctor several times, but they keep showing up in subsequent scans. I also get varied "Cannot Find File "WIN32\xxx.dll" messages at startup, and a recurring popup from the Windows Firewall saying "To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to block this suspicious software? Name: Win32.Brontok..." But the boxes for "Keep Blocking" and "Unblock" are grayed-out. "Enable Protection" seems to result in my system freezing up.

Anyway, your help is greatly appreciated. I'm fairly competent with technology, so I'll try to follow instructions to the letter and hopefully we can get rid of this stuff. Thanks!

-Greg
DDS (Ver_09-05-14.01) - NTFSx86
Run by CA$H $LAVE CLIQUE at 19:18:46.10 on Mon 05/18/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.3518.2793 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -... Read more

A:Trojan.Virtumonde, Trojan-Downloader.Agent.OGP, WIN32.Brontok

Just to update, I downloaded Malwarebytes and Avast! 4.8 and did some additional scanning, tried a few other tools with some success. My latest problems were with just getting to this site without redirects.

I also had to repair windows in order to get rid of my blue screen, which means I'm now back to XP SP1. I'd like to run Windows Update, but it would appear that I've been locked out of using that service. Can't run the normal Update through IE because "One or all of the following services are disabled: Automatic Updates, BITS." And trying to enable those services through msconfig yields an "Access Is Denied" window.

Ugh.

Here are my latest logs, if anyone reads this and is interested in helping:
DDS (Ver_09-05-14.01) - NTFSx86
Run by CA$H $LAVE CLIQUE at 18:29:19.21 on Wed 05/20/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.3518.2932 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spool... Read more

Read other 3 answers
RELEVANCY SCORE 115.6

I got rid of this virus through spyware doctor and was able to remove 4% of space, but defrag needs 15% to work properly. How to I go in and find where they put all this stuff to use up my C-drive and remove it? I have my defrag logs but they don't tell me where the problems are located. I'm happy to post a new log if someone tells me what they need. Any ideas? I have posted latest defrag log.
Thanks

A:Help with Trojan Downloader.agent.BDBU/Virus gone how to reclaim trojan used ram

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 115.6

Hi guys,I ran a rogue executable sent to me by a friend and knew immediately that something was awry.SYMPTOMS- Computer bogged down immediately and i saw i was infected with the Nmehaa.exe process (which i ended).- Received repeated warnings that Spoolsv.exe was trying to access secure files (selected no)- Received repeated warning that internet explorer wasn't executing script properly and prompted to continue running script. I don't use IE, just firefox. I selected no repeatedly, then accidentally hit yes, which resulting in my google links being hijacked and sending me to shopping pages within firefox.- could not run malwarebytes anti-malware OR Superantispyware free- my wireless zero configuration continually turns itself off, meaning wireless network access is nearly impossible- PC doesn't recognize a plugged in ethernet cable- my taskbar at bottom has messed up colors (i run a black theme and the taskbar is now black with gray sections)ACTIONS- disabled wireless network card- ran AVG anti-virus in standard mode, which gave a false negative and didn't remove any infection- attempted system restore several times, to no effect- found and followed the preparation guide here on bleepingcomputer.com (DDS and GMER files are attached)- After following guide, i took one more stab at a solution: I downloaded the latest versions of superantispyware and malwarebytes and their latest definitions, transferred them to the PC via USB, and ran them in safe mode after t... Read more

A:Infected with Malware.Trace, Trojan.Agent, Trojan.Downloader

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

Read other 9 answers
RELEVANCY SCORE 115.6

Computer has been shutting down randomly and not letting me run Norton 360.
Went to safe mode and ran Kaspersky and found 2 problems supposedly:
trojan-downloader.java.agent.f also trojan-downloader.getcodec.n
I cannot find any info to get rid of these. In safe mode I ran updated Norton 360,
Malwarebytes AMWare, Trend Micro Housecall and Absolute systemcare. All found
nothing. What should I do? Older system (2000) running XP pro.
Thanks Bruce

A:trojan-downloader.java.agent.f also trojan-downloader.getcodec.n

When the computer shuts down do you get a blue screen error message?

Read other 30 answers
RELEVANCY SCORE 115.2

Hello,

Problem description:

Noticed that the Microsof Security Essentials suite (and the firewall) was disabled, and could not be restarted ("The specified service does not exist as an installed program."); after uninstalling and reinstalling the MSE application, the computer would boot and almost immediately shut down (a dialog box would warn of shut-down in 1 minute); I did a restore and the shut-down warning stopped, but MSE was disabled again and uninstalling/reinstalling would produce the same problem.

Next step was to download and run Malwarebytes - log as follows:

////////////////////////////////////////////////////////////////////////////

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
CC2 :: CC2-PC [administrator]

7/16/12 6:41:40 AM
mbam-log-2012-07-16 (06-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195899
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

File... Read more

A:Infected with Trojan.0access / Trojan.Dropper.BCMiner / Trojan.Sirefef

Please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Read other 12 answers
RELEVANCY SCORE 114.4

Hi,My partner's laptop is infected with a pretty nasty virus (and she gave me the job of fixing it!).The virus killed the internet connection (but I managed to figure out how to get the internet back), disabled Norton anti-virus and generally slows down the whole machine. The virus seems to prevent me from restarting into Windows safe mode. Various tools don't run - for instance, I could not run DrCureIt or even Kaspersky online scan. I've been moved to this forum from the 'Am I infected? What do I do?' forum. For a full report of the problem, and the steps taken so far, please see:http://www.bleepingcomputer.com/forums/t/228965/infected-with-trojandownloader-trojanagent-bagle/I'm posting a DDS log as in the instructions.Thanks in advance for all your help!Cheers,Karol.DDS (Ver_09-05-14.01) - NTFSx86 Run by Eczka at 12:48:08.06 on Tue 26/05/2009Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.82 [GMT 10:00]AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\ACS.exesvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\TOSHIBA\... Read more

A:Infected with Trojan.Downloader / Trojan.Agent / Bagle

Hello KarolF, and to Bleeping Computer Forums, My Nick is Net_Surfer I'll be glad to help you with your computer problems.I will be working on your Malware issues, this may or may not solve other issues you may have with your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.Please be patient and I'd be grateful if you would note the following:The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. 1. Please reply using the AddReply button in the lower right hand corner of your screen. Do not start a new topic. 2. The lo... Read more

Read other 15 answers
RELEVANCY SCORE 114.4

I am running Windows Vista on a Compaq pc. I have run Malwarebytes and have a copy of the log after running a full scan. I just want to know what are my next steps. My biggest concern was actually something called a trojan backdoor.generic11. I have AVG and SUPERantispyware installed and they both detect it but can't seem to get rid of it. Here is a copy of the log from malwarebytes:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4052Windows 6.0.6001 Service Pack 1 (Safe Mode)Internet Explorer 8.0.6001.189288/10/2010 1:58:21 PMMalwareBytesScan type: Full scan (C:\|D:\|)Objects scanned: 283866Time elapsed: 1 hour(s), 15 minute(s), 51 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 3Registry Data Items Infected: 1Folders Infected: 2Files Infected: 5Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.Registry Values Infected:HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> No action taken.HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows_update.exe (Trojan.Downloader) -> No action taken.Registry Data Items Infecte... Read more

A:Rogue.WindowsSystemSuite, Trojan.Agent, Trojan.Downloader ect

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 2 answers
RELEVANCY SCORE 114.4

Hi ! My system has been infected with Trojan.Virtumonde/Trojna-Downloader.Agent.OGP viruses. These were identified by Spyware Doctor , after identifying them Spyware doctor prompts me to reboot the system so that they can be removed. But once the system is started againg, they are there. Again Spyware Doctor identifies them and tries to Fix them, again asking to re-boot the system. This keeps on going but the viruses are still there. The Trojan.Virtumonde virus is associated with the basesr.dll file in System32 folder. The basesr.dll file description shows - Alcohol 120%, Company-Alcohol Soft Development Team

Due to this

I am receiving lot of unusual pop-up screens
Internet Explorer is Re-directing to different web pages instead of the expected page.
Internet explorer takes lot of time to load a page.
CPU usage seems to 100%.
Unkown process are executing in windows task manager.

Please resolve the same for me . let me know for anything.

DDS.txt details:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Clement at 18:20:15.82 on Mon 05/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1348 [GMT -4:00]

AV: Prevx 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\... Read more

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP

Hello mercyman,Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document.

Read other 45 answers
RELEVANCY SCORE 114.4

Hi,

My partner's laptop is infected with a pretty nasty virus (and she gave me the job of fixing it!).

The virus killed the internet connection, disabled Norton anti-virus and generally slows down the whole machine.

I already ran malwarebytes anti-malware, which found the following:
Trojan.Downloader
Trojan.Agent
Trojan.Spammer
Rootkit.Bagle

Malwarebytes tried to remove the infected files but the virus just returns on reboot.

I also ran hijackthis. I can post both the logs if requested.

Thanks in advance for any help!

Cheers,
Karol.

A:Infected with Trojan.Downloader / Trojan.Agent / Bagle

Hi Karol and welcome to BC Let's do a few tasks. If you are using a wireless router, please reset it and make sure it is set to automatically obtain a DNS address. Routers vary, so you may have to reference your manual. If you do not have a manual, please let us know what the model and make of your router is. Also, please make sure you place an administrator password on your router. Don't forget to write this information down = you may need it 6 months from now Please rerun Malwarebytes using these instructions:On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply and exit MBAM.Note:-- If MBAM encounters a file that is dif... Read more

Read other 9 answers
RELEVANCY SCORE 114.4

Hello again, the viruses have struck me again and I need your help, yet again. So both of those trojans, and vundo[though I believe I've gotten rid of it] have been given me plenty of problems.

I have spyware tools and it detects and "cleans" them but they always come back. TDSServ comes in infections of 33 or more, and the Trojan-downloader.Agent comes in 1 infection. I did a full scan, restarted, and then another fullscan after as directed by a PC Tools moderator. No luck.

The symptoms have been a slower computer in general, and when playing games increased ping occurs, usually was 50 and is now 170-200+ ping. I've been using ad-ware, spybot, ccleaner and spyware blaster to no avail, and have done the pre-complain routines.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:28 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\lxdccoms.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Creati... Read more

A:Trojan.TDSServ, Trojan-Downloader.Agent.OGP problems

Hi, welcome to TSF!

Did you run GMER as outlined here?

http://www.techsupportforum.com/secu...oval-help.html

If you ran it, please post the log. If for some reason it won't run, rename it to any name you want then run it again.

Read other 19 answers
RELEVANCY SCORE 113.6

Hi,It seems that I have trojan activity on my home pc.I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attemp to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS verison 080805-0,08/05/08 which I try and delete from the warning box.I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmfull software with mention of one of many trojans. These have been:Trojan-Clicker.Win32.Tiny.hTrojan-Downloader.Win32.Agent.bqTrojan... Read more

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,I am hoping you can help me.My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:Trojan-Clicker.Win32.Tiny.hTrojan-Downloader.Win32.Agent.bqTrojan-Spy.Win32.KeyLogger.aaTrojan-Spy.Win32.GreenScreenTrojan-Spy.HTML.Bankfraud.dqStrange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.The pop up warings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back.A spybot scan pointed to 2 entries of VirtumondeI'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I cant seem to shift it Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:54:34 AM, on 8/7/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Ado... Read more

Read other 5 answers
RELEVANCY SCORE 113.2

Hello,
Having some trouble with many trojans. I keep SuperantiSpyware/Malwarebytes/SpyBotS&D quite up to date but recently caught something they are unable to remove. They removed a large amount of other trojans but currently there are a few pesky ones which refuse to budge! namely Trojan HBO, Trojan.Agent & Rootkit.Agent. Other dodgy processes such as BN1.tmp BN2.tmp and many iexporer.exe in the task bar.

Even scanning in safemod under administrator would not budge them.

They seem to be having quite a party redirecting my webpages and even after 1 blue screen explorer.exe has gone on holiday leaving to me to open my own programs manually. Writing this from safemode with networking on and will post a HJT log and hope for some help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:58, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOW... Read more

A:Unable to remove Trojan HBO, Trojan.Agent & Rootkit.Agent

Read other 16 answers
RELEVANCY SCORE 112.8

hello guys

really hope one of the experts can help me with this! malwarebytes found the 3 trojans on my computer today. i have tried following the path where affected by unhiding registery files etc but wont let me delete

anyone have any ideas how i get rid of these?

thanks in advance

dom

A:Trojan.0access, trojan.dropper.bc miner and trojan sirefef

apols im not trying to 'bump' - just seen i need gto post these logs

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882
Run by Administrator at 21:42:27 on 2012-07-02
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0... Read more

Read other 36 answers
RELEVANCY SCORE 112.8

Edited to add information from another topic that will be shortly deleted. ~ OBI had a quick question before I start backingup all my personal/doc/data/photo files.I have an external HD for backup, connected by USB. I haven't turned it on or backed anything up for a couple months (I know lazy), so hopefully its hasn't had a chance to have any infected files on it yet. If i turn it on while its still connected to infected computer what is chance the virus/trojan will transfer to external hard drive?and along the same concept, if i start copying over photos and other personal files to the external hard drive how do I know i'm not copying over the virus/trojan with it?End of added information. ~ OBMy computer is an HP,AMD Athlon 64x2, 1.0GB RAM, WIN XPsp2 desktop that was infected with lots of virus/Trojan/adware/malware. Its mainly for home personal use (our only computer) but I also telecompute for work sometimes. I haven't been able to backup all our personal files, so I'm trying to avoid rebuilding the whole machine if possible.I've already run, cleaned infected files and run again and received clean slate now from Avast!, MBAM (quickscan) and SuperAntiSpyWare (complete scan).here's my original post in the "Am I infected forum?"http://www.bleepingcomputer.com/forums/t/192399/win32monder-gbtrj-win32trojan-genother-adwarepopcap-trojanvundo-trojanagent-and-more/The computer seems stable now. I can load up the computer without a problem. But after reading this forum and the ... Read more

A:Seneka Rootkit, Monder-GB, Trojan.Vundo, Adware.PopCap, Trojan.Agent, Malware.Trace

Hello, Lex H to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.We need to scan for Rootkits with GMERPlease download GMER from one of the following mirrors:This is the Primary mirrorThis is a Secondary mirrorThis is a Secondary mirrorClose any and all open programs, as this process may crash your computer.Unzip the downloaded file to your desktop.Double click on your desktop.Allow the gmer.sys driver to load if asked.You may see this window. If you do, click No.
Click on and wait for the scan to finish.If you see a rootkit warning window, click OK.Push and save the logfile to your desktop.Copy and Paste the contents of that file in your next post.In your next reply, please include the follow... Read more

Read other 13 answers
RELEVANCY SCORE 112.8

I have ran Malwarebytes several times and the last 5 times at least it keeps showing this report included below. I click the fix selected and am notified it will be fixed on reboot, to no avail.

I ran Hijack this and selected the one file at a time associated with the malwarebytes report and clicked the fix this and rescanned and it was still there.

Downloaded and ran Avast and it detected a virus called sysguard.exeXXX. I quaranteened and later deleted it from the chest.

I disabled Avast today and rescanned with Malwarebytes and still receive the same report. Will be deleted on reboot. Scan again and report is still the same.

Here are the results of the Malwarebytes Scan.

Malwarebytes' Anti-Malware 1.39
Database version: 2498
Windows 5.1.2600 Service Pack 2
7/25/2009 11:55:44 AM
mbam-log-2009-07-25 (11-55-40).txt
Scan type: Quick Scan
Objects scanned: 90215
Time elapsed: 9 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c912207-ca9b-4d5f-9e55-e0d87977f4da} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0c912207-ca9b-4d5f-9e55-e0d87977f4da} (Trojan.BHO.H) -> No act... Read more

A:Unable to Remove, Trojan.Agent, Trojan.BHO.Rootkit.AgentH,

HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:41 PM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Qui... Read more

Read other 1 answers
RELEVANCY SCORE 112.4

I wasn't aware of any problem until my Symantec Antivirus program stopped automatically scanning my computer. I tried to run it manually and gave me a message that said it wasn't installed properly. I googled the error message and found that it was a Trojan of some sort and that I should run a Panda scan. I ran a Spyware Doctor scan aswell which came back with Trojan.Agent and Trojan-Downloader.ConHook.

Here are the DDS results:
DDS (Ver_09-01-19.01) - NTFSx86
Run by george at 21:34:58.53 on Thu 01/29/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.108 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\... Read more

A:Trojan.Agent and Trojan-Downloader.ConHook

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 112

My Zone Alarm program has picked up two viruses in the space of about a week, Exploit.Java.CVE-2009-3867d six days ago and Trojan-Downloader.Java.Agent.cf today. * After the first, I updated and ran Malware-Bytes and online ESET virus scan. Computer was apparently clean. Zone Alarm was set to do a full scan only every month (! and I'm sure I set it to scan daily.) There are no scan logs for either the ZA antivirus or firewall.* After the downloader trojan appeared, I updated and ran Malware-Bytes, and again it showed no infection. I've run DDS (log attached), but GMER is not running for me. The error message is: C:\windows\system32\config\system: The system cannot find the file specified.I assume it's not working because the computer is set up as 64-bit.Because of this, only Services, Registry and Files are checked. I ran it anyway, and for what it's worth, it said no system modifications were detected.The system is a Toshiba Satellite A500 running Windows 7 - 64-bit.DDS file:DDS (Ver_10-03-17.01) - NTFSX64 Run by Cathy B at 21:57:54.84 on Fri 02/07/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4061.1818 [GMT 10:00]SP: Spybot - Search and Destroy *enabled* (Outdated) /coloro3SP: SUPERAntiSpyware *disabled* (Updated) /coloro2============== Running Processes ===============C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\syste... Read more

A:Infected with Exploit.Java.CVE-2009-3867d and Trojan-Downloader.Java.Agent.cf

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 25 answers
RELEVANCY SCORE 111.2

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418483 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

A:Backdoor.0access and Trojan.agent

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 29 answers
RELEVANCY SCORE 111.2

I used Malwarebytes and found these two trojans, which I removed. I then ran it again and the Malwarebytes said nothing was found. I'm still being redirected, though.

A:Trojan.BHO and Trojan.Lameshield found with Malwarebytes

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwar... Read more

Read other 13 answers