Over 1 million tech questions and answers.

Trojan Coinminder

Q: Trojan Coinminder

Yesterday my computer began popping up a warning from Norton that says "Main[1].js" is not safe and has been removed. It frequently cycles thru "Main[2] and Main[3]" also. They are popping up about every 2-5 minutes or even less.
If I click on the View Details I am given this path
c:\users\alfre\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cache\u1jsntcs\main[1].js
The View Details also show the threat name: PUA.WASMcoinminderFull Path
I have run Norton System Suite, Malwarebytes and downloaded and run the Norton Power Eraser. They all finish their run and report no problem found.
If there is "No Problem Found" how can Norton continue telling me it has found and removed anything??

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, Intel64 Family 6 Model 94 Stepping 3
Processor Count: 8
RAM: 16323 Mb
Graphics Card: NVIDIA GeForce GTX 960, -2048 Mb
Hard Drives: C: 1862 GB (1512 GB Free); D: 931 GB (569 GB Free); G: 3726 GB (2897 GB Free);
Motherboard: HP, 2B4B
Antivirus: Windows Defender (Disabled)...Norton System Suite, Malwarebytes

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Trojan Coinminder

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 35.6

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but lets take a look and see what we find.Sorry for the delay, please do the following...ComboFix Please ownload ComboFix from Here or Here* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

Read other 12 answers
RELEVANCY SCORE 29.2

Lately my computer has been exceptionally slow. Blue screens a time or two. Ive recognized a few other suspicious things such as 'Service Distribution Software 3.0' trying to install at 3 am for the past 2 weeks. I also looked at my ReportingEvents.log and noticed that even though Microsoft updates were downloading successfully they were not installing since 6-10-2010 (i went ahead and attached a copy of that as well). Also, Firefox was acting really funny. Taking a huge amount of time to load. I also found that even if I shut Firefox down, it was always running. Even if I went to Task Manager to kill firefox.exe, it was very difficult to get it to finally stop running.I even saw a post here saying: ------------------------------------------------------------------------QUOTELets check your HOSTS file.It's located at c:\windows\system32\drivers\etc\hosts.You can open it up in Notepad.If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it;however, if there are others following 127.0.0.1 localhost, you may have to fix it.Lets check your HOSTS file.It's located at c:\windows\system32\drivers\etc\hosts.You can open it up in Notepad.If it's just some lines on top with a # in front of it and followed by 127.0.0.1 localhost, then you don't need to post it;however, if there are others following 127.0.0.1 local... Read more

A:Trojan horse Vundo.JW - Trojan.Mebroot. Mebroot/Sinowal Infection, Trojan.Tracur, Trojan.TDSS or what?

Hi deetheis,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.STEP 1 - MBAMOpen Malwarebyte's Anti-Malware.Under the Updates tab, click Check for Updates. Let the updates install (if any).After that, under the Scanner tab, click Perform Quick Scan and then Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBA... Read more

Read other 2 answers
RELEVANCY SCORE 28.4

I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:Trojan.Dropper/SVCHost-FakeC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXEC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXETrojan.Agent/Gen-FakeAlertC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXEC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXEMicrosoft Security Essentials pops up during the scan with the following infection:Trojan Downloader: Win32/Unruy.D C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide. DDS (Ver_10-03-17.01) - NTFSx86 Run by Phillips at 14:21:21.10 on Tue 05/25/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]AV: Microsoft Security Essentials *... Read more

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 19 answers
RELEVANCY SCORE 28.4

Mod Edit: Log split away from topic here http://www.bleepingcomputer.com/forums/t/144809/infected-by-something-wicked/Deckard system scanner report is below. I was not able to load Kapersky because my IE is too corrupted and I can't get enough space on my hard disk in time before whatever is on my computer partitions off the space. I have cleared about 1 Gig of new space on my computer but the computer still shows that it has less than 100 MB of space on it.Deckard's System Scanner v20071014.68Run by Paul Hanken on 2008-05-05 23:34:54Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Failed to create restore point; disk is full.Backed up registry hives.Performed disk cleanup.System Drive C: has 0.01 GiB (less than 15%) free.-- HijackThis (run as Paul Hanken.exe) ----------------------------------------Unable to find log (file not found); running clone.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-05-05 23:38:01Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\BRSVC01A.... Read more

A:Trojan Vundo.EGG, Trojan Retapu.D, Generic.Zeno.E5F12F0C, Adware.Isearch.D, Trojan Downloader.Small.

Hello 425Fool,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 4 answers
RELEVANCY SCORE 28.4

Noticed this morning that Microsoft Security Essentials real-time protection was turned off and that I could not get it to turn back on. Also could not get windows update to run. Went to Services and tried disabling and then enabling windows installer. Also tried uninstalling and reinstalling MSE, but still the same problem.

Next ran MBAM full scan and found the first Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader. Clicked remove selected and let it reboot. MBAM log created below. Ran MBAM (quick scan this time) again and found Trojan.Lameshield.124. About to hit "remove selected" and reboot. Will post log after reboot.

I have backup drives that I use (2.5" USB drives). Should I scan those as well (at same time)? Thank you for any help!!!

MBAM log attached. Ran DDS but didn't see any option to save the log. Will figure that out and post after reboot. EDIT: rebooted, and reran DDS. The program ran, but then shut down without allowing me to save a log. Any ideas to get more information about my issue?

I run Windows Vista 32-bit. Dell Inspiron E1505 (5 years old). I run MSE and windows firewall (firewall still active as far as I can tell). Removed other malware before reinstalling MSE and followed procedures on microsoft articles about reinstalling MSE.
 mbam-log-2012-12-29 (15-25-09).txt   5.9KB
  3 downloads

 mbam-log-2012-12-29 (18-25-47).txt   2.05KB
&nbs... Read more

A:MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

Hello there, iseeker I'm Conspire, I'll be glad to help you with your computer problems.Please observe these rules while we work:Read the entire procedureIt is important to perform ALL actions in sequence.If you don't know, stop and ask! Don't keep going on.Please reply to this thread. Do not start a new topic.Stick with me till you're given the all clear.Remember, absence of symptoms does not mean the infection is all gone.Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

Read other 16 answers
RELEVANCY SCORE 28.4

DDS (Ver_10-03-17.01) - NTFSx86 Run by XXXXXX at 14:07:30.08 on Mon 04/12/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1944.966 [GMT -5:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\DTS.exeC:\Windows\system32\ibmpmsvc.exeC:\Windows\system32\AtService.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\system32\conhost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC: ... Read more

A:Trojan/Trojan.Agent/Trojan.FakeAlert/Trojan.downloader

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 2 answers
RELEVANCY SCORE 28.4

I got two different names for a trojan yesterday and today, and after completely running your ?5 steps before posting a log? I am finding no trojan at all! I know this sounds like a good thing, but I'd like some explanation if possible. I am running WIndows XP Home.

Yesterday WebRoot SpySweeper found trojan-backdoor-progdav, which I eliminated on 2-17-07 by using TetonBob?s excellent instructions. Today I re-used those instructions, but the target files were not found, so I ran SpySweeper again ? and this time it found a different problem: trojan-downloader-ruin.

So I used POADB?s instructions (provided to jack5000 on 4-25-06) for removing trojan-downloader-ruin: downloaed CleanUp!, Ewido with updated database, and FixWareout; ran FixWareout online; then ran HiJackThis offline in safe mode. HJT didn?t list any of the items that jack5000 was told to delete. The file to manually delete (C:\WINDOWS\\System32\dmeue.exe) also was NOT present. Then I ran my first Panda scan.

Finding none of the target files, I went to TechSupportForum?s ?5 steps before posting a log? (now realize I should?ve done first.) Took ages, but the only things found were 1 malware program (Viewpoint Media Player, which I removed in Step 1), & 7 tracking cookies (which I quarantined using Ad-Aware SE in Step 2). In Step 4 no service packs were missing ? only upgraded IE (which I never use ? I?m a Firefox user) to IE 7.

After all of this, I decided to run SpySweeper again, and thi... Read more

A:Trojan change from trojan-backdoor-progdav to trojan-downloader-ruin, no target files

Welcome organicbarb

Are there any current spyware symtoms ?

Your logs look fine
You can delete
C:\install.dat
C:\dnsbak.reg
C:\fixwareout
fixwareout.exe and combofix,exe

You should update java, afterwards this old version should be uninstalled.
J2SE Runtime Environment 5.0 Update 2

Read other 1 answers
RELEVANCY SCORE 28.4

It started on or about July 22. First we had popups circumventing our popup blocker. Then I noticed that there was an active connection listed in our firewall connection list that was called "??ool32\??crosoft.Our server had been down for almost a week because of an electrical storm, and we got a new modem with the fix from the broadband carrier. Our sercurity system may also have been down at the same time, but when we did a scan after getting our internet back, there was nothing found. After doing all of the steps recommended before doing the hijack this scan, we were told that we had all of the problems listed in the title of this post, and the House Doctor scan also said that there was an infection which couldn't be quarantined located in D:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-...\A0015881.DLL. The last 3 scans done using the same suggested programs have come back clean. During the last week the computer has begun to freeze and move very slowly. The firewall has also come up with warnings that ??ool32 has been attempting to connect with the internet, but has been blocked...so it is obviously still there. My Hijackthis logfile follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:36 PM, on 04/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32&#... Read more

A:W32/backdoor.kzk, Trojan.downloader.purityscan, Java.trojan.exploit.bytverify, Trojan.clicker.vb.dw

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Ewido Anti-spyware and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.Once the setup is complete you will need run ewido and update the definition files.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.Once in the Settings screen click on "Recommended actions" and then select "Quarantine".Under "Reports"Select "Automatically generate report after every scan"Un-Select "Only if threats were found"Close Ewido anti-spyware. Do not run a scan just yet. We will shortly.Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Clean out your Temporary Internet filesClose Internet Explorer and close any instances of Windows Explorer.Click Start -> Control Panel and then double-click Internet Options.On the General tab, click Delete Files under Tem... Read more

Read other 10 answers
RELEVANCY SCORE 28.4

My pc is infected by following viruses:
1) Trojan.Fakeavalert
2) Trojan.Peacomm.D
3) Trojan.Perfcoo
4) Trojan.Pandex
5) Downloader
6) Dialer Trojan
7) Trojan Horse

Please let me know the steps for removal of these threats.
I am attaching a logfile from HijackThis for your reference.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:32:41, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\printer.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe
C:\Program Files\Internet Explorer\IEXP... Read more

A:Solved: Multiple virus damage (Trojan.fakeavalert, Trojan.Peacomm.D, Trojan.Perfcoo)

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

Read other 3 answers
RELEVANCY SCORE 28.4

btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kueHi,My antivirus program, BitDefender Antivirus 2010, has blocked the above trojans. The main trojan that keeps popping up however is: Trojan.Agent.AMPC. It is located in my temp file as 94.tmp. I have deleted my temp files, some of them wouldn't delete so I downloaded and ran CCleaner.After successfully deleting files that windows alone wouldn't allow me to do, I presumed my problems were over. (haven't had the antivirus program pop-up in 12 hrs now)I opened up google and typed in the topic I wanted and clicked on the link I wanted & I was redirected to btcar.com. I closed it, clicked on another link and I was directed to virtualway.info among other annoying sites. So I blocked these sites in IE, and proceeded to download & run SpyBot S&D. 4 Issues were found and I repaired them.I then did a deep system scan with BitDefender and it said no viruses or spyware were found:BitDefender Log File Product: BitDefender Antivirus 2010Version: BitDefender Antivirus ScannerScanning task: Deep System ScanLog date: 5/6/2010 2:36:47 AMLog path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1273077407_1_00.xml Scan paths: Path 0000: C:\ Scan Level: Scan for viruses: YesScan for adware: YesScan for spyware: YesScan for applications: YesScan for dialers: YesScan for rootkits: YesScan for keyloggers: Ye... Read more

A:btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kue

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire r... Read more

Read other 2 answers
RELEVANCY SCORE 28.4

At first it started as pop-up internet explorer windows while browsing in Firefox and re-directs in Google when I clicked on a link (however I can copy the link from a google search and paste it in a new window). Then whatever I have seemed to disable my internet connection after a couple of minutes (almost like it new I was trying to figure out how to get rid of it!). I have done some work at trying to remove the problem and it seems like everything is better EXCEPT that Google keeps redirecting - so I know not everything has been cleaned! I have a spotty and slow wireless connection for this computer so I would rather not use an online scanner if I don't have to but I will do what it takes if that is the case.

Looking forward to some help. Attached is my HiJackThis Log from earlier today. Thanks!

A:Trojan.Agent, VBS/Disabler.NAB Trojan, Win32/Kryptik.AKJ Trojan and maybe others! Google Redirect in Firefox

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download ComboFix from one of these locations:Link 1Link 2Link 3Important!You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

Read other 41 answers
RELEVANCY SCORE 28

I followed the instructions on the hijack this prep and below is the file. I am very concerned that I can't seem to get rid of some unusual files in my msconfig startup and running processes. Unidentified items in msconfig. startup are Zeno is under C:\WINDOWS\system 32\pwinqsap.exe CORN001, Z_Start C:\WINDOWS\system32\dwdsregt.exe CORN001, Then under SOFTWARE\Microsoft\Windows\CurrentVersion\Run are : 9339047 C:\PROGRA~\9339047\9339047.exe; sd "C:\PROGRA~1\AUTOST~1\sd.exe" --checkOnly; mhnn "C:\Program Files\Obla\mhnn.exe" -vt ndrv The mhnn is also in the task manager as a running process. I cannot find any of these listed in windows explorer or my registry. Logfile of HijackThis v1.99.1Scan saved at 6:35:30 PM, on 1/4/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared... Read more

A:Backdoor.dsnx, Hacktool, Trojan.cmapp, Download Trojan, Trojan.downloader.gen,

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log

Read other 3 answers
RELEVANCY SCORE 28

I have gotten Trojan.Ertfor ,Trojan.Zlob.H ,Trojan.Downloader ,and Malware.Trace and I just cant seem to get rid of these Trojans I have ran Malwarebytes'Anti-Malware program(did not get rid of these,and came back) I also did a manual deletion of these Trojans(They came back and didn't stay deleted) I will also add the Malwarebytes'Anti-Malware program Log of these Trojans. Can i get help on what to do to get rid of these annoying Trojans?
Here is the Malawarebytes'Anti-malware Log:

Malwarebytes' Anti-Malware 1.38
Database version: 2335
Windows 5.1.2600 Service Pack 3

6/25/2009 4:33:11 PM
mbam-log-2009-06-25 (16-33-07).txt

Scan type: Quick Scan
Objects scanned: 104801
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sdjee3inf.dll (Trojan.Ertfor) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Ertfor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion ... Read more

A:Trojan.Ertfor, Trojan.Zlob.H, Trojan.Downloader, Malware.Trace, OhMY!

Hello and welcome.. Let's do 2 things next,I think we can clear this up.Run part 1 of S!Ri's SmitfraudFixPlease download SmitfraudFixDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htmYou have a good amount of files here. We should do a full scan.....Rerun MBAM like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select FULL scan and scan.After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Read other 7 answers
RELEVANCY SCORE 28

Desktop Sony Vaio, Windows XP + SP3, 1GB RAM.These four infections - HACKTOOL.ROOTKIT TROJAN.VUNDO TROJAN.PANDEX and TROJAN HORSE periodically try to execute and Norton Security Suite BLOCKS them all. Along with these four, about 16 files are also blocked, all associated - fpq52.tmp (TROJAN HORSE), fpq4b.tmp (HACKTOOL.ROOTKIT), fpq4c.tmp (TROJAN HORSE), fpq4a.tmp (TROJAN.PANDEX), fpq4f.tmp (TROJAN HORSE), fpq4e.tmp (TROJAN.VUNDO), etc.I am presently running Norton Security Suite 4, F-PROT Antivirus, IObit Security 360, SpyBot-SD Resident, SuperAntiSpyware, Malwarebytes and Secunia PSI. These will not eliminate the infections.This PC is a neighbor's which originally had the Windows firewall OFF and greyed out, Firefox Google Hijack and the following infections, which are all now repaired -- HIJACK.WINDOWSUPDATE, Hiloti.B.gen!Eldorado, Trojan2.HZYZ, WORM.BDQA, TROJAN.AGENT.APHZ, ROGUE.AGENT/GEN-NULLO(dll), WORM.BLAH. (I mention these to provid a little background info). There were about 50 Windows Updates that were blocked but now installed.Thanks in advance for your assistance.DDS (Ver_10-03-17.01) - NTFSx86 Run by Leah at 13:31:16.40 on Thu 06/03/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.95 [GMT -5:00]AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}AV: F-PROT Antivirus for Windows *On-access scanning enabled* (Updated) {3... Read more

A:Infected with HACKTOOL.ROOTKIT TROJAN.VUNDO TROJAN.PANDEX and TROJAN HORSE

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 47 answers
RELEVANCY SCORE 28

Hello I have an Acer Aspire 5100 laptop running Windows XP Home. All microsoft updates current to Sept 15. Using Avira Antivirus, Malwarebytes, Super Anti Spyware, Spyware Blaster, Spybot Search and Destroy, CCleaner and Windows Defender. All updates current to Sep 15. Windows Defender has disappeared from the task bar.Problems are as follows: all started on Friday, Sept 17 in the morning, no problems before that at all- Ccleaner had entries in registry that looked very suspicous (one included nqagoxiw in the entry) - cannot get to Windows Update site (page says Internet Explorer cannot display the webpage) - could not get Avira, etc to update (some have since started updating)- could not get to forums page (redirect to Godzilla Malware or something close to that) - I connected via the cached link so I could print the instructions- cannot load Task Manager- could not get Control Panel to work (It is now working)- if I try to run Avira or Malwarebytes in safe mode the computer shuts down (also shut down once in regular mode when I was running Malwarebytes)- fixed in time debugger keeps popping up- messages saying Windows Explorer has encountered a problem (could not save error message so this a summary of the message)- gmer runs but freezes and I cannot save the log or copy it - indeed I have to shut down with the power button as laptop becomes totally nonresponsive (I hand copied the last fews lines of the log that were displayed and have posted those at the bottom of this me... Read more

A:TR/Crypt.XPACK.Gen3 Trojan ; Trojan.Hiloti ; Trojan.Agent/Gen-Falint

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 28 answers
RELEVANCY SCORE 28

Hi Mike !

Don't know what happend !! My windows starts normally, after selecting the user, it dispalys ' loading personal settings'.. After that getting an error ' userint.exe application error' . Reference memory problem. Then it shows my desktop without any Task bar/Status bar and all the icons on my desktop are not displayed. i am accessing the explorer through Task manager using Ctrl+Alt+Del ..

Let me know whether this is an virus infection or some problem with windows registry.
thanks
clement

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BCThe process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj... Read more

Read other 4 answers
RELEVANCY SCORE 28

Hello,

Problem description:

Noticed that the Microsof Security Essentials suite (and the firewall) was disabled, and could not be restarted ("The specified service does not exist as an installed program."); after uninstalling and reinstalling the MSE application, the computer would boot and almost immediately shut down (a dialog box would warn of shut-down in 1 minute); I did a restore and the shut-down warning stopped, but MSE was disabled again and uninstalling/reinstalling would produce the same problem.

Next step was to download and run Malwarebytes - log as follows:

////////////////////////////////////////////////////////////////////////////

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
CC2 :: CC2-PC [administrator]

7/16/12 6:41:40 AM
mbam-log-2012-07-16 (06-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195899
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

File... Read more

A:Infected with Trojan.0access / Trojan.Dropper.BCMiner / Trojan.Sirefef

Please run the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Read other 12 answers
RELEVANCY SCORE 28

I have done all the preparatory actions. AVG Antispyware tells me I am infected with Trojan.Small.fb but cannot remove it. Spy Doctor scan shows Trojan.Downloader.Ruins amd Trojan. DNS Changer.Here is my HijackThis log.Can anyone help please?Logfile of HijackThis v1.99.1Scan saved at 14:49:22, on 01/11/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\SCardSvr.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exeC:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLSer... Read more

A:Infected With Trojan.small.fb, Trojan.downloader.ruins, Trojan.dns Changer

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.Please download FixWareout http://downloads.subratam.org/Fixwareout.exeorhttp://swandog46.geekstogo.com/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed. )Fix these with HJT ? mark them, close IE, click fix checkedO17 - HKLM\System\CCS\Services\Tcpip\..\{05F2BA51-171A-4B1D-AE5F-B8515E38E241}: NameServer = 85.255.115.18,85.255.112.61O17 - HKLM\System\CCS\Services\Tcpip\..\{8269A184-3C5F-41F7-A7E9-581E273A2475}: NameServer = 85.255.115.18,85.255.112.61O17 - HKLM\System\CCS\Services\Tcpip\..\{C0DCAED8-AC99-4371-811A-DDA8BF12F7D8}: NameServer = 85.255.115.18,85.255.112.61O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6801D5-625E-482E-AA33-1FD2EB1B2544}: NameServer = 85.255.115.18,85.255.112.61O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.61O17 - HKLM\System\CS1\Services\Tcpip\..\{05... Read more

Read other 6 answers
RELEVANCY SCORE 28

Hi, a friend gave me his machine to look at as it was getting pop ups.

I couldn't run in safe mode as machine wouldn't boot.

I changed the names of malware bytes and super anti spyware as they wouldn't install.

Did the compaq windows system restore and tried again.

I ran them both, mbam found 706 entries, superanti found 698.

I then installed nod32 and it found 5 entries.

I rebooted into safe mode, ran scans again with each - mbam said clean, super anti still says,:

Trojan.Rootkit/Gen - 19 entries
Trojan.Agent/Gen - 1 entry
Trojan.Downloader-TinyProxy/Mstre8 - 1 entry

Any help on removing these would be really appreciated, many thanks.

Regards

A:Trojan.RootKit/Gen Trojan.Agent/Gen Trojan.Downloaded-TinyProxy/Mstre8

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 28

Well, the name pretty much says itself - I am under attack of a couple of Trojan Horses.

The odd thing is that I haven't opened any attached files I didn't know who were from, or anything at the like. I don't think I have been hacked, however I am having troubles with getting rid of this malware.

How do I clean my system of these Trojan Horses? I've done a spysweep once, only to find Trojan-Pisher-Snifula reinstalled in my system when I did another system, running an IE-fix.
 

A:Trojan horses - Trojan-download-tukpat and trojan-pisher-snifula

I have been doing some research and it looks like I could have a possible Rootkit-infection.... should I post a Hijack This log for you to find out? Anbd if it is a rootkit-infection am I then completely screwed? I can't change my processor due to a RAM-change I've made....
 

Read other 1 answers
RELEVANCY SCORE 28

Deckard's System Scanner v20071014.68Run by rodneybailey on 2008-07-31 21:19:40Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --102: 2008-08-01 01:19:46 UTC - RP425 - Deckard's System Scanner Restore Point101: 2008-08-01 00:53:14 UTC - RP424 - Removed Norton Security Scan100: 2008-08-01 00:41:12 UTC - RP423 - Installed Windows Internet Explorer 7.99: 2008-08-01 00:40:49 UTC - RP422 - Installed Windows IDNMitigationAPIs.98: 2008-08-01 00:40:10 UTC - RP421 - Installed Windows NLSDownlevelMapping.-- First Restore Point -- 1: 2008-07-19 19:02:52 UTC - RP324 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as rodneybailey.exe) ----------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:21:23 PM, on 7/31/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WI... Read more

A:Infected With: Trojan Adduser, 007spyware, Trojan.clicker.ec, Trojan.poison...and More.

Hello WebDept, Sorry for the delay. We have many logs backed up. Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DSS Main.txt log.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly. If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

Read other 2 answers
RELEVANCY SCORE 28

I seem to have contracted a lot three trojans and possibly more. I used spy sweeper to detect it but it won't get rid of it unless I subscribe. It seems that my antivirus mcafee is not detecting anything. And spybot can't do anything but delete a.bat everytime my computer starts. I ran hijack this and this is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 8:58:19 AM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX... Read more

A:Solved: Windows xp with mybot trojan, a.bat zapchast trojan, and autospy trojan

Read other 16 answers
RELEVANCY SCORE 28

Hello! I am so new to all of these! I already searched for the removal of these viruses and read in a lot of forums. All of these forums have logs, etc. involving the precious system files. I don't even understand the logs and I have read instruction on how to remove these but they do not guarantee anything. I am afraid that the PC might malfunction and be sent to the Repair Shop again. (It just got sent 4 days ago) I ran Malwarebyte's Anti-Malware and scanned my computer and found 46 infections. It shows the option that removes the selected files but I'm afraid because these files are categorized as 'Registry Keys, Registry Values, Memory Modules, and Registry Datas'. Should I delete them anyway?

And so, I want a professional, expert, etc. in all of these since I am such a sucker to all of these virus removal stuff.. I want that pro to walk with me through all of these. From the very first step to the very last and that is when the virus will be wiped out.. Please help..

A:Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Please copy/paste the MBam scn log for us to review.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner... Read more

Read other 10 answers
RELEVANCY SCORE 28

I've used Malwarebytes and Norton 360 to scan and re-scan my computer to remove any intrusions. I've also read other posts online to remove particular entries in my registry that were associated with these viruses. So far, my MBAM and Norton is saying my computer is clear, but the programs also said that the other day and found something new today. I've backed up my registry as well just in case. The trouble started when I opened up a flash movie file the other day and the security suite kept popping up. So I researched the suite and I knew (general virus knowledge) not to click yes on anything or to download anything. I finally got it to stop but I feel my computer is vulnerable now. Also my Norton 360 is picking up tracking cookies now when it scans, when I never used to have a lot of tracking cookies detected. I'm not 100% confident that my computer is safe. I haven't really used it since I got the Security Suite virus. I've only been running scans and searching online for more information on the removal. I also used Rkill in the process of removing the Security Suite. Your assistance in removing this issue for good is greatly appreciated.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by James Brinson at 22:45:14.70 on Wed 09/15/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1843 [GMT -4:00]SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}=====... Read more

A:Security Suite, Trojan.Hiloti, Trojan.Zefarch, Trojan.Agent.U

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 12 answers
RELEVANCY SCORE 28

I'm was infected with Virtumonde because I had the pop-up window with saying I was infected with the one virus that it says and then lead you to another site with a virus scan but I got rid of those I think. The problem that I am having is something is changing my programs so they do not work like Lava soft Ad-aware when I tried starting it the computer would restart on it own and do it everytime I tried starting it. I ran VundoFix and that seemed to fix most of my problems but when I ran SpySweeper it still says that I have a Trojan-Downloader-Conhook, Adware Zeno search assistant, enbrowser, sidebyside search and a spycookie Aff6007 cookie. My internet is still acting funny, like when I try to play games on Pogo it says Applet(s) in this HTML page requires a version of Java different from the one the browser is currently using. In order to run the Applet(s) in the HTML page, a new browser session is required. Close all the Netscape browser sessions and start a new browser section to run the HTML page which never came up before I had these Trojans. Why did McAfee Internet Security stop these problems? Everytime I run my virus scan it says I am clean, as well as spybot and ad-aware. The only one that says I have a problem is SpySweeper. Any suggestions would be greatly appreciated, sorry if I sound a little confused on what the problem is but I am tired to trying to figure this out thanks it advance.Logfile of HijackThis v1.99.1Scan saved at 7:31:48 PM, on 4/9/2006Pla... Read more

A:Infected With Trojan-downloader-conhook, Trojan.linun, And Trojan.virtumod

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Read other 10 answers
RELEVANCY SCORE 28

This is a business computer and it is very important that it runs properly, been having issues with it for a week now. I have tried running several anti-virus programs to no avail. Currently using Panda, but used some other free software like AVG etc.Hoping you can help me, here is the hijackthis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 5:12:36 PM, on 2/2/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exeC:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\Program Files\Citrix\GoToMyPC\g2svc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Citrix\GoToMyPC\g2comm.exeC:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exeC:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exeC:\Program Files\Citrix\GoToMyPC\g2pre.exeC:\Program Files�... Read more

A:Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Hi,This is a business computer and it is very important that it runs properlyNot sure if you're aware how severly infected this computer is.Since you are posting a log from a Company owned computer... There are a few things that need attention first before we proceed with this..* You must inform your Supervisor immediately.This because of:Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.If sensitive material is compromised by an infection, your company could be held liable.* Your Company must give permission for us to give you assistance.This because of:We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.There may be sensitive material on your computer that your company would not want revealed in an open forum.Also, since this is a computer used at work - the first thing I always advise is to back up important files you don't want to lose, this since malware causes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.Also, I ca... Read more

Read other 2 answers
RELEVANCY SCORE 27.2

Help! NAV keeps popping up messages saying trojans being detected. like this. The infected file keeps changing but it seems to always be in the temporary internet files folder.Here are the Norton Anti-Virus MessagesEg1:"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\26FIQOO3\srvsqy[1].exe Click for more information about this risk : Dialer.Trojan Action taken: Repair failed Action taken: Access denied"Eg2:"Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BFMSS7PL\srvfpa[1].exe Click for more information about this risk : Dialer.Trojan Action taken: Repair failed Action taken: Access denied"This is my HJT log.thnx in advance.Logfile of HijackThis v1.99.1Scan saved at 9:03:24 PM, on 11/9/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files�... Read more

A:Various Trojans; Dialer.trojan, Trojan.dropper, Trojan.busky

Hello,A remark first..You are using Download Accelerator - DAP Be informed that it delivers popup/popunder ads, and tracks your internet usage. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlmanI suggest you remove it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove it.* Open hijackthis, click 'config' (bottom right)Choose the tab 'misc Tools' on top.Choose 'delete a file on reboot'In the field, copy and paste next:C:\WINDOWS\SYSTEM32\winfcn32.dllClick open.Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/okYour system should reboot now.after reboot,* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against next entry:O20 - Winlogon Notify: winfcn32 - C:\WINDOWS\SYSTEM32\winfcn32.dll* Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.Updating Java:Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".Click the "Download" button to the right.Check the box that says: &... Read more

Read other 8 answers
RELEVANCY SCORE 27.2

Hmm my computer's in pretty bad shape thanks to these damn trojans

Norton started detecting these trojans 3 days ago, and could only block them.

Everytime I try to access IE, there will be a bunch of popups and advertisements.

I tried scanning with Norton Antivirus + Ad-Aware 2007, but nothing could be found.

After that, I went to Cnet downloads, and got myself Spyware Terminator + A-squared 3, both which managed to scan and detect some of the threats. It cleared some of the files and registry keys, but still couldn't kill off the files such as wvuroli.dll that are used by core processes, such as explorer.exe, etc.

Currently my IE doesn't have any popups, but I'm worried that these trojans will return, and I want them completely out of my system

I've browsed tech support guy forums a bit, and found a thread thats similar to my problem:
http://forums.techguy.org/malware-removal-hijackthis-logs/554392-solved-trojan-vundo.html

Following the instructions from that thread, I downloaded VundoFix 6.77 and ran it about thrice. The first time cleared off a bunch of files, the second time detected none, and then the third scan detected new files again !!!!

Below are the logs for VundoFix and HijackThis, please help !!! thanks

=============
My VundoFix Log
=============

First Run
VundoFix V6.7.7

Checking Java version...

Scan started at 1:29:37 PM 1/31/2008

Listing files found while scanning....

F:\WINDOWS\system32\gjkmp.ini
F:\WINDOWS\system32\g... Read more

A:Solved: Help with Trojan.Vundo, Trojan.Metajuan, Trojan.Downloader

Read other 13 answers
RELEVANCY SCORE 27.2

Hi,

My Symantec was sending messages regarding trojan.vundo, trojan.metajuan and backdoor.trojan. I found some info that lead me to your combofix tutorial, which I run and now the pc seems fine, though, in the tutorial is strongly recommended to post the log. Should I?

Thank you!!
-Cristina.

Read other answers
RELEVANCY SCORE 27.2

Hi everyone,

I stupidly got nailed with a few viruses via an AOL IM link (I clicked on a link in my sisters 'away' message), namely:

- Trojan.Sinkin (found in B.exe) http://securityresponse.symantec.com/avcenter/venc/data/trojan.sinkin.html
- Keylogger.Trojan (found in MSIN32.dll) http://securityresponse.symantec.com/avcenter/venc/data/keylogger.trojan.html
- PWSTEAL.Trojan (found in SVCHOST) http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.trojan.html

I'm at wits end, I've got Symantec Internet Security 2003 (which I stupidly had uninstalled because it bogged my pc down so bad~so I guess I deserve this), downloaded the latest virus definitions from Symantec Liveupdate, temporarily disabled the System Restore, and ran the antivirus. Both times I've run it, the three viruses are found, but cannot be removed... wtf ? I've read up on all 3 on the Symantec site, and tried to follow their removal directions (great and simple: update latest virus definitions and run the symantec antivirus, well, duh)

So, due to the nature of these viruses, I'm a little hesitant to use my pc (using a pc at work now).

Would I be better off re-installing Win XP and would that get rid of them ?? My only real concern (apart from having to reload all my soft) is the 1,200 songs I have on my pc, I think I can regenerate them by hooking my ipod back up. Can I safely burn copies of the songs onto cds without running the risk of re-installing the vir... Read more

A:A trifecta: Trojan.Sinkin/Keylogger.Trojan/PWSTEAL.Trojan

Read other 16 answers
RELEVANCY SCORE 27.2

Avast first alerted me to an infection, which I quarantined, called Win32:malware.gen. I followed some forum info after quarantining the malware which suggested I download Malwarebytes and run a scan. I have done this several times and Malwarebytes continues to find infected .dll files described as TROJAN.HILOTI.GEN, TROJAN.AGENT, and TROJAN.VUNDO.I followed all the prescribed methods from this website from here:http://www.bleepingcomputer.com/virus-remo...undo-virtumondeNeither Vundo Fix or VirtumundoBegone found anything. Malwarebytes keeps finding .dll files every time I run it.Note: I had to rename the mbam.exe file in order to run it. I could download it, but it wouldn't run unless it was named something else.I am now following the instructions from here:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Note: I can not run GMER without my machine crashing so I can not attach the required ark.txt log. Finally, once when running MBAM my Avast kicked up a warning that it had stopped malware from executing and gave the reason that Malwarebytes had triggered it.I would appreciate any help on this. I'm at the end of my rope. I've been trying to eradicate this for 3 days now. All my important files have been burned on a CD-R so I am willing to nuke the whole drive/OS if that is required.Thanks in advance and I hope to hear from someone soon.So I will now post the DDS.txt report as requested a... Read more

A:Infected with TROJAN.HILOTI.GEN, TROJAN AGENT, TROJAN VUNDO

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 4 answers
RELEVANCY SCORE 27.2

hello guys

really hope one of the experts can help me with this! malwarebytes found the 3 trojans on my computer today. i have tried following the path where affected by unhiding registery files etc but wont let me delete

anyone have any ideas how i get rid of these?

thanks in advance

dom

A:Trojan.0access, trojan.dropper.bc miner and trojan sirefef

apols im not trying to 'bump' - just seen i need gto post these logs

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882
Run by Administrator at 21:42:27 on 2012-07-02
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0... Read more

Read other 36 answers
RELEVANCY SCORE 27.2

I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malbytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not used to be there. I am getting number of random error messages, and Malbytes is sometimes deleted and I have to reinstall it. Also, random .tmp files seem to popup. Thanks in advance for any help you can provide.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jordan at 1:53:18.65 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program File... Read more

A:Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

Read other 3 answers
RELEVANCY SCORE 27.2

Hello, am new to the forum and am a little hesitant to mess with registry entries, deleting anything that might bea valid system file, hence my request for help.A few days ago, my McAfee seemed to catch a virus coming in on an Instructables download, but I believe I openedthe file and my system was infected....I have since run McAfee scans twice, AdAware, CC Cleaner, Spybot SD, Threatfire, rkill, MBAM, gmer.I believe the original virus is containted but am being redirected everytime I use google to search. Clicking on the Google link redirects me to various sites. Today's site is Threadstone-affiliate.com .......I am onlyusing Mozilla Firefox, have not used IE in a few years.Any help is appreciated....I am attaching the requested logs........DDS LOGDDS (Ver_09-12-01.01) - NTFSx86 Run by Compaq_Administrator at 21:11:16.96 on Mon 01/18/2010Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1983.1249 [GMT -6:00]AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32&... Read more

A:Google Redirect-Trojan..possible MULDROP.Trojan or DLOADER.Trojan

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scan box paste this innetsvcs%SYSTEMDRIVE%\*.exe/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sys/md5stop%systemroot%\*. /mp /s%systemroot%\system32\*.dll /lockedfilesCREATERESTOREPOINTClick the "Run Scan" button.The scan should take just a few minutes.Please copy and paste both logs back here in your next reply.

Read other 17 answers
RELEVANCY SCORE 27.2

I'm running on Windows XP Media Center. I've been using Webroot's Spysweeper and PCtools antivirus, and i've constantly picked up the same alerts every time I run a scan and removing them. After removing them and rebooting my computer, I get a fakealert on my taskbar which I can't seem to remove either. I've also tried booting in safe mode and running a scan, but that didn't work either seeing as how everything seemed to come back as alerts when I restarted. I've also noticed that Windows Defender has an error when I startup my computer. Thats the most I can recall happening. I've temporarily removed the red circle with the X on it (fakealert) that advertises some spyware product by closing explorer.exe from my process tabs and restarting it with run.

A:Trojan Zlob, Trojan-backdoor.gen, Fakealert, Trojan.dl.winrean.a

Hello Kanko and welcome.Please run this first, post back the scan report and tell us how the PC is doing now.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Acan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message ... Read more

Read other 10 answers
RELEVANCY SCORE 26.8

Internet Explorer was popping up windows, 3 at a time, regardless if I was on the Internet. These popups are continuous, making it almost impossible to do anything. I downloaded and installed Malwarebytes, performed the Quick Scan, and 18 infections were identified. They were quarantined and I deleted them. I then performed a Full Scan and it was clean. However, IE is still launching new windows as quickly as it closes them and placing them at the forefront of everything I do.I was not able get a Gmer log as these popup windows interrupt its process. I tried at least 5 times. Following is my DDS log. I am also including the Malwarebytes log in case that might help as well. Please note that I replaced the user name with [name] in the logs.Many thanks!EDIT: If it helps to know this, when I had Task Manager up to kill IE each time it launched it's trio of windows while Malwarebytes performed its scan, every time the URL it launched with was www.webcrawler.com, and then it redirected to another site. It seemed to be referring to a list of sites as some were repeated..DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by [name] at 17:51:16 on 2011-08-07Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.513 [GMT -7:00]..============== Running Processes ===============.C:\Program Files\Fingerprint Sensor\AtService.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.... Read more

A:IE Popups Still Highjacking My Computer, After Removing Trojan.BHO, Trojan.FakeAlert, Trojan.Hiloti, Adware.Agent, Adware.DeepD...

Hello Alda B. Woods and welcome to BC.

Sorry about the delay, do you still need help?

Read other 8 answers
RELEVANCY SCORE 26.4

Norton 360 found the following Trojan.Zeroaccess, Trojan.Zeroaccess.B, Trojan.Gen, Trojan.Gen.2, Backdoor.Trojan and said it has removed them but they keep coming back. I ran Norton Trojan.Zeroaccess removal tool and Norton power eraser and it did not fix the issue. Need help removing them.
Thanks
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Lane at 16:34:19 on 2012-07-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.414 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Winamp ... Read more

A:Infected with Trojan.Zeroaccess, Trojan.Zeroaccess.B, Trojan.Gen, Trojan.Gen.2, Backdoor.Trojan

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 18 answers
RELEVANCY SCORE 26.4

Every few minutes I get a message from Norton Auto Block telling me a threat has been detected and blocked. It is always one of the viruses listed in the topic title. I have a Toshiba Satellite Laptop operating Windows Vista 32 bit with Service Pack 2. I use Norton 360, and also have NPE. I followed all of your steps in preparing my system for removal. However, I was unable to run Gmer.exe all the way through completion. It would start and then freeze and close before it completed the scan. It even did this from safe mode. Since having these viruses detected, I have also experienced problems with my computer freezing up and the open windows not responding. My mouse will move but will not interact with any icons, nor will task manager open from Cntrl+Alt+Del leaving me with the only option of a hard restart. Sometimes when it comes back it is fine, sometimes the problem occurs again within a few minutes.

Below is the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jenny at 0:01:54 on 2012-07-27
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2939.1895 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\... Read more

A:Trojan.Gen, Trojan.Gen.2, Trojan.zeroaccess.b, Backdoor.Trojan

Hello JenPoohBear and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, pl... Read more

Read other 25 answers
RELEVANCY SCORE 26.4

Hello! I wonder how to get rid of these three trojans.I scanned my computer at : http://www.stop-sign.com and found out that my computer is infected with them.
File C:\WINDOWS\Temporary Internet
Files\Content.IE5\SVADYZW1\worldwide[1].htm:JScript.Encode.4

is infected with:
Trojan.AppActXComp

File C:\WINDOWS\Temporary Internet Files\Content.IE5\EOUBC94A\index[1].hta:vbs.0

is infected with: Trojan.MulDrop.557

File C:\WINDOWS\Downloaded Program Files\ISTactivex.dll
is infected with: Trojan.Isbar
 

A:Trojan.AppActXComp , Trojan.MulDrop.557 and Trojan.Isbar

Hi Petronella, Welcome to TSG. What AV program do you use? Is it updated and does it identify them?

Go here for a free on line scan and if it finds them just have them cleaned or deleted:

http://housecall.trendmicro.com/housecall/start_corp.asp
You may have other issues going on with your PC, so if you want you can go here and download Hijack This. Follow the instructions for posting your HJT log here (don't delete anything on your own) and folks here can see what else may be going on.

http://www.spywareinfo.com/~merijn/downloads.html
 

Read other 1 answers
RELEVANCY SCORE 26.4

How do I get rid of this mess?

A)The fix_troj_bymer did not work.

The FLOOD.F-Removal-Tool did not work

C) The 116308-FxSasser did not work

I am basically a "newbie"

A:FLOOD F. TROJAN ; WOLLF.16 TROJAN ; KREPPER G. TROJAN

Let's try theseSome types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.Right-click on the mbam-setup.exe file file and rename it to mysetup.exe.Double-click on mysetup.exe to start the installation.If that did not work, then try renaming and changing the file extension. click this link if you do not see the file extensionRight-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.Right-click on mbam.exe, rename it to myscan.exe.Double-click on myscan.exe to launch the program.If that did not work, then try renaming and change the .exe extension in the same way as noted above.Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.If using Windows Vista, refer to How to Change a File Extension in Windows Vista.Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs ... Read more

Read other 1 answers
RELEVANCY SCORE 26.4

hi, i have been seriously infected with this few trojans and a few more which i will b listing down below..i haf also been infected wif this borlander adware which keep irritatingly pop up windows whilst im doing my work, n if i leave my computer overnite on, tons of websites will b generated..

the trojans tat im infected with are
Trojan.Downloader.Agent.AEA
WOW Trojan
QQPASS Trojan
Trojan.PSW.Delf.nv
Trojan.Crypt.K

Adware infected
Borlander

i haf already tried removing this problems with alot of different softwares, but to no avail, they still come on again when i do the next scan.

the tools that i haf used are
Spybot
XoftSpySE
Lava Ad-aware
Registry Booster

im tinking mayb i haf jus removed the installed program but the installer is hiding somewhere in my computer..
seriously i need some help here.. pls help me...tks

A:WOW Trojan, QQPASS Trojan, Trojan.PSW.Delf.nv and alot more

any1 can help pls???

Read other 8 answers
RELEVANCY SCORE 26.4

Hi, I was referred to this site by Fax from Zone Alarm forum, I found these and others viruses and malware wit WEB DR and A2.

I had in my computer before I isntalled Online Armor, A2 and Web DR. These programs, Avast, Zone Alarm PRO, Zone Alarm Forcefield, Adware, Malabyte, Spywareblaster and XofSpye.

DDS (Ver_09-06-26.01) - FAT32x86
Run by Fernando at 14:31:13.40 on Mon 07/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.456 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
SVCHOST.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.... Read more

A:Gen.Trojan.!TK, Virus.Win32.Trojan!TK, Trojan. Generi!TK

Hello, neofito.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.ThanksPlease note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.We need to run RSITDownload random's system information tool (RSIT) by random/random and save it to your desktop.Double click on RSIT.exe.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)In your next reply, please include the following:Log.txtinfo.txt

Read other 20 answers
RELEVANCY SCORE 26.4

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:36:39 PM, on 8/31/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\acs.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\Toshiba\Toshiba Applet\thotkey.exeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\WINDOWS\system32\TPSMain.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\tos... Read more

A:Trojan Agent, Trojan Fake, Trojan Generic

HiDisable Spybot's TeaTimer Run Spybot-S&D in Advanced Mode If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools Then click on the Resident icon in the list Uncheck
Resident TeaTimer
and OK any prompts. Restart your computerPlease visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew HijackThis log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a ... Read more

Read other 2 answers
RELEVANCY SCORE 26.4

1. My HP P dv4 2045, Windows 7 Home Premium w/Service Pak 1,64 Bit, with Symantec End Point Protection VER 12.1.1000.157 RU1 is infected with Trojan.Zeroaccess.B and Trojan.Gen2 and Trojan.Gen.

a. I can't even get on the internet, having to use my wifes machine!
b. I followed instructions provided at your This Guide link.
c. The only thing I did different is I turned off my antivirus until I finished running Defogger and DDS. Interestingly, I tried to get on the net and was able to but was be redirected so i got off and enabled my antivirus again.

2. I was able to get both the DDS.txt and Attach.txt and the are attached.

3. Original Post: http://www.bleepingcomputer.com/forums/topic464429.html/page__pid__2798030#entry2798030

EM

A:Infected w/Trojan.Zeroaccess.B and Trojan.Gen2 and Trojan.Gen

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 19 answers
RELEVANCY SCORE 26.4

Hi -

major screw up. Running window 7 x 64. 8 gb ram, 1tb hd. windows home premium

1. I lost an mp4 file aand downloaded various recovery files to save.
2. After downloading one of them, Norton went crazy saying it protected me against trojan.gen.2 with different codes including 80000000 and 800000064.
3. while trying to recover the files, I restarted the computer and got to the BSOD. It took alot of manipulation, but ended up being able to finally restart. Involved restoring to several days ago.
4. Once in, immediately ran combofix, and it found alot of issues. Restarted and ran it again. restarted and ran it a 3rd time. Kept deleting the same files. (apologies - did not read about NOT running CF until I found this forum.)

I have many logs, but following instructions not to post. I am very concerned that I am still infected, but dont know how to find out without posting. Any advice? Computer seems to be running okay, except the LAN wire no longer connects (although wireless works.)

A:Trojans on computer - trojan.gen.2, trojan.zeroaccess.b, trojan.gen

This infection requires elevated help.Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 2 answers