Over 1 million tech questions and answers.

HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Q: HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't.(that is until you scanned with their program and it would take control of your computer at the worst of times.) The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG 's only option was to ignore it, but I still wasnt worried.Everytime I blocked at redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows firewall, it was to late for any security measures. It was turned off and when I tried to turn it back on, it would give me an error(0x8000ffff). It wouldnt let me run Windows Defender neither or turn anything on that could help me remove or heal my computer. I kept trying with AVG but it just kept filling up my Virus Vault with clones of the 5 virus/malwares. It could clean up or heal some of the clones but the "parent" clones always remained. They were all located in c:\\Windows\System32|services.exe. or in the vicinity of. I was kinda worried, but always up for a challenge.When I'd request "more info" from AVG, they would send me to their ENCYCLOPEDIA OF THREATS. Most of my trojans could not even be found. So I Googled them. I was amazed at how many other people were infected with the same trojans and had the same symptoms as myself!! I seen a couple links that implied they could help with the removal of this malware. I had done this a few other times. It was extensive, but worth saving my computer. I found an article regarding Lune.Sirefef.A. and its removal. I followed the instructions. It wanted me to open task manager and locate the "random.exe" process and end it. Then I was to find a couple registry files and .exes and simply delete them. Pretty easy, right?? WRONG!! I found the "random.exe" and killed the process. I started to hunt down the first bad registry file and my computer said it was and I quote, "shut down 1 minute. Save all work." WTF!!!When it came back on, I thought I'd try again... but I couldn't find the "random.exe" and havent found it since. I seen a couple removal tools instead. But it wouldnt allow me to download anything and was giving me the same error messages as my firewall and w defender. I give up. I have gotten all my docs and pics etc off of my laptop. I tried running system restore and it almost crashed my laptop completely. I thought I was going to have to install windows again. I played with the recovery tools a little and managed to get it to reboot under the last successful configuration. I system restored again and it was successful. Thought and prayed it was over, but nope. The entire time I have been writing this, I can hear the little notification tones from AVG. I am able to remove alot of the bad objects but AVG has found 21 instances of The trojan horse Patched_CLYU and is unable to remove them. It says that it is white listed because it has infected a critical/system file that should not be removed. 2 clones of Patched has invaded a non-local location of my computer. *SIGH* The trojans are reproducing in my files and there aint much I can do. I'd like to spare my laptop, if possible.Here are the reports you requested. Bless your hearts.Sincerely,CD________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ DDS.txt log DDS.txt log.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385Run by Crystal at 0:06:50 on 2012-08-25Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.617 [GMT -6:00].AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}.============== Running Processes ===============.C:\PROGRA~1\AVG\AVG2012\avgrsx.exeC:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\system32\atiesrxx.exeC:\Program Files\AVG\AVG2012\avgcsrvx.exeC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\atieclxx.exeC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC:\windows\system32\taskhost.exeC:\windows\system32\Dwm.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\windows\Explorer.EXEC:\Program Files\AVG\AVG2012\avgwdsvc.exeC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\AVG\AVG2012\avgnsx.exeC:\Program Files\AVG\AVG2012\avgemcx.exeC:\windows\system32\svchost.exe -k imgsvcC:\Windows\system32\TODDSrv.exeC:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exeC:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exeC:\windows\system32\SearchIndexer.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\AVG\AVG2012\avgidsagent.exeC:\Program Files\TOSHIBA\Utilities\KeNotify.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files\TOSHIBA\Power Saver\TPwrMain.exeC:\Program Files\TOSHIBA\SmoothView\SmoothView.exeC:\Program Files\TOSHIBA\FlashCards\TCrdMain.exeC:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\AVG Secure Search\vprot.exeC:\Program Files\AVG\AVG2012\avgtray.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\windows\system32\taskeng.exeC:\windows\system32\taskmgr.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.0.30\InstStub.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exeC:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exeC:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exeC:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exeC:\windows\system32\taskeng.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exeC:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.0\ScriptHelper.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\svchost.exe -k SDRSVCC:\windows\system32\notepad.exeC:\Users\Crystal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6L7LGAK\Defogger[1].exeC:\windows\system32\conhost.exeC:\windows\system32\DllHost.exeC:\program files\internet explorer\iexplore.exeC:\program files\internet explorer\iexplore.exe"C:\windows\System32\svchost.exe" -k LocalServiceDnsC:\windows\system32\SearchFilterHost.exeC:\windows\system32\DllHost.exeC:\windows\system32\DllHost.exeC:\windows\system32\conhost.exeC:\windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAmDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAmStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAuURLSearchHooks: H - No FileuURLSearchHooks: H - No FileuURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dllBHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.0.30\IPSBHO.DLLBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dllBHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dllTB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dllTB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No FileTB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTOuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quietuRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exeuRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRunmRun: [<NO NAME>] mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRunmRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exemRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exemRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTILmRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUPmRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exemRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXEmRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exemRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exemRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exemRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDEDmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [vProt] "c:\program files\avg secure search\vprot.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoActionmRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12StartupFolder: c:\users\crystal\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\crystal\appdata\roaming\dropbox\bin\Dropbox.exeStartupFolder: c:\users\crystal\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXEmPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exeIE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htmIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dllIE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLLLSP: c:\windows\system32\EasyRedirect.dllLSP: mswsock.dllTrusted Zone: cnet.com\downloadTrusted Zone: stealthgenie.com\wwwDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cabDPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://www.blm.gov/wispermits/wis/SP/capicom.cabDPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cabTCP: DhcpNameServer = 192.168.0.1 205.171.3.25TCP: Interfaces\{A30A03F8-63A2-409B-8B77-6FD065C812FF} : DhcpNameServer = 192.168.0.1 205.171.3.25Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dllHandler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.0.30\CoIEPlg.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.0\ViProtocol.dllmASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP.============= SERVICES / DRIVERS ===============.R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-7-28 56496]R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-7-28 12464]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-12 27496]R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-5-19 176128]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.0.30\ccSvcHst.exe [2009-8-27 117640]R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.0\ToolbarUpdater.exe [2012-8-12 927840]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-5-19 167936]R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2012-5-19 51512]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]S2 EasyRedirect;EasyRedirect;c:\program files\easy-hide-ip\rdr\easyredirect.exe --> c:\program files\easy-hide-ip\rdr\EasyRedirect.exe [?]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-20 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-3 250056]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-20 136176]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-5-19 171520].=============== Created Last 30 ================.2012-08-25 04:23:24 9232584 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe2012-08-23 09:46:18 -------- d-----w- C:\TDSSKiller_Quarantine2012-08-13 10:23:40 -------- d-----w- c:\windows\system32\BestPractices2012-08-13 10:23:13 -------- d-----w- C:\inetpub2012-08-13 05:37:31 -------- d-----w- c:\users\crystal\appdata\roaming\AVG20122012-08-13 05:34:26 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys2012-08-13 05:34:20 -------- d-----w- c:\program files\AVG Secure Search2012-08-13 05:32:43 -------- d--h--w- C:\$AVG2012-08-13 05:32:42 -------- d-----w- c:\windows\system32\drivers\AVG2012-08-13 05:32:42 -------- d-----w- c:\programdata\AVG20122012-08-13 05:30:35 -------- d-----w- c:\program files\AVG2012-08-13 05:23:25 -------- d-----w- c:\programdata\MFAData2012-08-04 03:52:32 -------- d-----w- c:\programdata\vsosdk2012-08-03 21:37:00 364360 ----a-w- c:\windows\system32\EasyRedirect.dll2012-08-03 21:36:52 -------- d-----w- c:\program files\Easy-Hide-IP2012-08-02 08:53:55 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys2012-08-02 08:53:54 5120 ----a-w- c:\windows\system32\wmi.dll2012-08-02 08:53:54 172544 ----a-w- c:\windows\system32\wintrust.dll2012-08-02 08:53:54 158720 ----a-w- c:\windows\system32\imagehlp.dll2012-08-02 08:52:07 190976 ----a-w- c:\windows\system32\drivers\ks.sys2012-08-02 08:51:40 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-08-02 08:51:39 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe2012-08-02 08:51:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll2012-08-02 06:23:37 -------- d-----w- c:\programdata\xml_param2012-08-02 04:57:06 -------- d-----w- c:\users\crystal\appdata\roaming\Wondershare Video Converter Ultimate2012-08-02 04:56:36 -------- d-----w- c:\users\crystal\appdata\local\Wondershare2012-08-02 04:56:35 -------- d-----w- c:\program files\common files\Wondershare2012-08-02 04:56:15 496640 ----a-w- c:\windows\system32\xvid.ax2012-08-02 04:56:14 892928 ----a-w- c:\windows\system32\iconv.dll2012-08-02 04:56:14 675840 ----a-w- c:\windows\system32\ac3filter.ax2012-08-02 04:56:07 -------- d-----w- c:\program files\Wondershare2012-08-02 02:53:16 -------- d-----w- c:\users\crystal\appdata\roaming\C__Users_Crystal_Downloads_Hide IP Easy v5.1.6.6 + Crack { LAtest 2012 Version } Mr.Perfect_Crack_HideIPEasy.exe2012-08-02 02:53:16 -------- d-----w- c:\programdata\C__Users_Crystal_Downloads_Hide IP Easy v5.1.6.6 + Crack { LAtest 2012 Version } Mr.Perfect_Crack_HideIPEasy.exe2012-07-29 08:35:18 -------- d-----w- c:\users\crystal\Podcasts2012-07-29 08:21:53 -------- d-----w- c:\users\crystal\appdata\local\Sony2012-07-29 08:21:44 -------- d-----w- c:\program files\common files\Sony Shared2012-07-29 08:19:01 -------- d-----w- c:\programdata\Sony Corporation2012-07-29 08:19:01 -------- d-----w- c:\program files\Sony2012-07-29 08:15:09 -------- d-----w- c:\program files\Sony Media Go Install2012-07-29 06:28:14 -------- d-----w- c:\users\crystal\appdata\local\Nero2012-07-29 06:28:12 -------- d-----w- c:\users\crystal\appdata\roaming\NeroDigital2012-07-29 06:19:45 -------- d-----w- c:\users\crystal\appdata\local\Nero_AG2012-07-29 05:56:46 -------- d-----w- c:\programdata\Nero2012-07-29 05:45:16 -------- d-----w- c:\users\crystal\appdata\roaming\HideIPEasy2012-07-29 05:45:16 -------- d-----w- c:\programdata\HideIPEasy2012-07-29 05:15:08 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys2012-07-29 05:15:01 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys2012-07-29 05:15:00 -------- d-----w- c:\program files\Nero2012-07-29 05:14:39 -------- d-----w- c:\users\crystal\appdata\local\AskToolbar2012-07-29 05:14:25 -------- d-----w- c:\program files\Ask.com2012-07-29 05:14:25 -------- d-----w- C:\Firefox2012-07-29 05:11:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll2012-07-29 05:11:08 49472 ----a-w- c:\windows\system32\netfxperf.dll2012-07-29 05:11:08 297808 ----a-w- c:\windows\system32\mscoree.dll2012-07-29 05:11:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe2012-07-29 05:11:08 1130824 ----a-w- c:\windows\system32\dfshim.dll2012-07-29 05:08:46 248672 ----a-w- c:\windows\system32\d3dx11_43.dll2012-07-29 05:08:46 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll2012-07-29 05:08:46 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll2012-07-29 05:08:45 470880 ----a-w- c:\windows\system32\d3dx10_43.dll2012-07-29 05:08:45 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll2012-07-29 05:07:37 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll2012-07-29 05:06:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll2012-07-29 05:05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll.==================== Find3M ====================.2012-08-25 04:23:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-08-25 04:23:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-08-13 08:34:54 564972385 ----a-w- c:\windows\system32\d3dcache.dll2012-08-03 22:15:18 87608 ----a-w- c:\users\crystal\appdata\roaming\inst.exe2012-08-03 22:15:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys2012-08-03 22:15:18 47360 ----a-w- c:\users\crystal\appdata\roaming\pcouffin.sys2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 21:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 21:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe2012-05-30 08:57:19 32 ----a-w- c:\windows\system32\ieuicom.dat.dll.============= FINISH: 0:07:46.39 ===============________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

RELEVANCY SCORE 200
Preferred Solution: HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: HELP!! UNINVITED GUESTS: Lune.Sirefef.A,Trojan horse Patched_C.LYU, Trojan horse Generic_r,Trojan horse Back Door Gener...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster. NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer. NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.Security CheckDownload Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the following
Log from Combofixlet me know of any problems you may have had
How is the computer doing now?Gringo

Read other 13 answers
RELEVANCY SCORE 197.2

Trojan horse Patched_c.LXT
Trojan horse BackDoor.Generic15.AXLA
Trojan horse Generic28.ANIC

Hello,

My AVG has found multiple threats on my laptop that cannot be removed. This is what pops up on my screen,

AVG Resident Shield Alert
!Multiple threat detection

c:\Windows\System32\services.exe - Trojan horse Patched_c.LXT - Object is white-listed (critical/system file that should not be removed)

c:\Windows\assembly\GAC_32\Desktop.ini - Trojan horse BackDoor.Generic15.AXLA - Infected

c:\Windows\assembly\GAC_64\Desktop.ini - Trojan horse Generic28.ANIC - Infected

I've tried everything in my knowledge to fix this but have had no success. I've tried researching online but I keep getting redirected to different sites. I followed your NEW INSTRUCTIONS before posting and have included the requested logs in this post (I hope they attached). I do not have access to a Windows Install Disc or Boot CD, I don't know why but my laptop did not come with one when I purchased it last year. I figured I would give you a try first before doing anything else. I would greatly appreciate any help you can give me.

Thank you,

Jorge
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by 1 at 23:52:48 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2280 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *E... Read more

A:MULTIPLE THREATS - Trojan horse Patched_c.LXT, Trojan horse BackDoor.Generic15.AXLA

BUMP, please

Read other 19 answers
RELEVANCY SCORE 187.2

Must have got these a week ago. Noticed after my google search results links would bring me to adsites half the time.

A:"Trojan horse BackDoor.Generic11.IZW" "Trojan horse SHeur2.ADCY" "Trojan horse PSW.Agent.ZSP"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 186.4

Hi there!Like many others lately my laptop has been infected with Bamital Trojan.Date of infection: 2nd, October 2010Detected by: AVG 9 Infected Files: Explorer.exe with Trojan horse Patched_c.JEE and Winlogon.exe with Trojan horse Patched_c.JESAVG Result: "Object is white-listed (critical/system file that should not be removed)"OS: Windows XPThe only things i can remember leading up to the infection was...1. My IE browser sometimes opens up different sites on other tabs2. I had downloaded a part of a movie3. I updated AVG 9 (even though it was just updated approx 2 days prior)Attempted Resolutions:1. I've updated and ran malwarebytes but it couldn't detect the virus.2. I realised my google search results are constantly being redirected to dodgy sites so i've run tdsskiller to remove the malware (but it keeps coming back, not sure if bamital is responsible for this)Additional Notes:1. This is the topic the that notified me that i am dealing with the Bamital infection : htttp://www.bleepingcomputer.com/forums/topic351001.html 2. Users in the topic has suggested the use of Kaspersky Tool to remove the infections but i'm not confident to do it on my own3. This is my friend's laptop so i don't have a copy of his Window's CD...e4. I cannot close AVG as it keeps detecting the threats over and overYour help is much appreciated!! Thanks in advance!! DDS (Ver_10-03-17.01) - NTFSx86 Run by Albert Chung at 22:29:04.35 on Wed 06/... Read more

A:Trojan horse Patched_c.JEE & Trojan horse Patched_c.JES / Bamital Infection

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

Read other 29 answers
RELEVANCY SCORE 185.2

Running Windows 7 64-bit Home.

DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Admin at 15:20:57 on 2012-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.3923 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\CS... Read more

A:Trojan horse Patched_c.LXT and Luhe.Sirefef.A

please run the following

Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool.
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Read other 14 answers
RELEVANCY SCORE 180

Hi, thanks for taking a look, AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH I have no idea how dangerous these are I think they have been on my laptop for a week or so.
How do I remove them?
Many Thanks
MrP
 

A:AVG Says I'm infected with Trojan Horse Back .Agent.IQL / Trojan Horse Generic5.GUH

bump
 

Read other 1 answers
RELEVANCY SCORE 178

My Norton AntiVirus Software keeps alerting me that an outside computer is trying to acces my computer using a BackDoor/ Sub Seven Trojan Horse. Does this mean that the Trojan Horse is on my computer and someone is trying to access it? I have another laptop on the same router and NAV gives no warning at all on that one. Lately my internet connection has been really slow and I get booted repeatedly. I think this is because there is a program on my computer taking up all my bandwidth. I'm new to this site so if you could speak in layman terms so I can understand I would really appreciate it.
Thank You.
 

A:Back Door/Sub Seven Trojan Horse!!!!

Read other 8 answers
RELEVANCY SCORE 178

Hello, I have a trojan horsecalled Backdoor agentB found in C:winnt\system32\d3dckoa.dll makes my comp keep restarting 2 then on the 3rd says run avg 6.0 wich I do and tells me cant be removed.. how can i remove this here trojan? thanks..ron
 

A:trojan horse back door

go d/l Norton AV trial version, run that and it'll probably quarantine that. also to make sure go to trendmicro.com and run the scan there. also d/l Hijack this and post a log file, don't do anything just scan and post the log....that should be enuff
 

Read other 1 answers
RELEVANCY SCORE 176

Hi there,

My computer's been infected with the trojan horse file named above; I've got AVG and it continually finds it on the comp. I've read a few other threads and have downloaded Hijackthis. Here is my saved log. Could someone please tell me which files to remove/what to do next? Appreciate it!

Logfile of HijackThis v1.99.1
Scan saved at 9:05:21 AM, on 11/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Micro... Read more

A:Trojan Horse Back Door Virkel B

Read other 16 answers
RELEVANCY SCORE 176

Hi,
I am using a windows XP professional(ver 2002)with Service pack 3.A couple of days back, somebody used a pendrive on my PC. My AVG gave me a warning of some viruses ,which were deleted. Afterwards, I was unable to open chrome.when i tried to download it again, AVG gave me a warning of Trojan horse back door generic dtetected on open. I have MBAM,itried to update it so as to post a log here, but got the following warning from AVG:

C:\Programm Files\MAlwarebytes Anti-MAlware\mbamcore.dll

Warning: Trojan Horse Back Door.Generic13.YXM
Detected on open.

I am unable to access MBAM ,now .it says file not found.

Also prior to the pendrive usage, my AVG was showing license validiaty till 2017, but now it says valid till 2011.
Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:36:20 PM, on 12/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Upd... Read more

A:Trojan Horse Back Door.Generic 13.yxm

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

Read other 1 answers
RELEVANCY SCORE 176

2 entries the same when I ran AVG.
The 1st. one said Infected imbedded object.
The 2nd. one said Infected archive.
Could not remove.

A:Trojan horse Back Door Generic 10.LFG

Let's take a look with Malwarebytes...Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click... Read more

Read other 1 answers
RELEVANCY SCORE 176

Ok here goes.. I have aparticularly nasty little bug that will not go away. AVG Anti-Virus is the only program that I have tried that will pick it up. AVG lists as Trojan horse Back Door.Agent.BA; but here is my main problem.. even though AVG will identuify it will not delete. I tried deleting files manually but it keeps re-creating with new file names and extensions in system32 directory. Just goes on and on. I read some other forums and they suggedted running in safe mode, but that did not work. others suggested Ad-aware Version 6... But no help. Of course I could always re-format hard drive but since AV programs wont erase or pick up I may get the nasty little thing agfain.

Oh..BTW I would be willing to pay someone a good price for an Av program that would squash this thing and prevent it.

Any help would be appreciated.
Also tried Ad-aware and Spy bot.. no luck dont even see it.
Also tried Mcafee, Pccillen, and a couple other AV programs but none will even pick this one out.

Can anyone help?
 

A:Trojan Horse Back Door.Agent.BA

I also have in incountered you little friend, I'm running windows2k and I have been trying to get rid of Trojan horse BackDoor .Agent. BA for two Days. I have used AVG, AdAware,Spy-bot, Spy swepper, and I have downloaded from AVG a program called VCLEAN that i ran in safe mode and I have not gotten ride of this thing yet.

Please! if any one has any new Ideas on how do kill this thing let me know.
 

Read other 3 answers
RELEVANCY SCORE 174

I've been infected with this virus. AVG will spot the virus, but will not allow it's removal. I have downloaded and tried TDSSKiller, but it didn't seem to spot the virus and did nothing. I downloaded HijackThis and the following logfile was generated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:26:38 AM, on 2/6/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\WINDOWS\system32\ctfmon... Read more

A:Trojan Horse Back Door Generic 12.AAVT

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Read other 2 answers
RELEVANCY SCORE 174

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:45:54 a.m., on 27/10/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exeC:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exeC:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exeC:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\ARCHIV~1\AVG\AVG8\avgwdsvc.exeC:\Archivos de programa\Windows NT\Updatas.exeC:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Archivos de programa\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\ARCHIV~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Archivos de programa\Synaptics\SynTP... Read more

A:Infected with Trojan horse Back Door.Hupigon4.EFO

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only... Read more

Read other 2 answers
RELEVANCY SCORE 174

DDS (Ver_09-02-01.01) - NTFSx86
Run by paul at 16:37:12.21 on Wed 02/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.254 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\paul\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.g... Read more

A:help me remove brosnmdll trojan horse back door

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 2 answers
RELEVANCY SCORE 174

Hi,
I have tried Malwarebytes' Anti-Malware, AVG, and Super Anti Spyware. They all find the problem, and ask me to reboot in order to remove it, but it does not work. It first time I noticed the problem was when I found a new Bear Share toolbar in my Firefox that I did not download. I ran the scans and things were removed, but not the above mentioned name. I also removed the Bear Share in Add/Remove programs, and manually deleted the folders I found. I don't see any problems caused by the virus, other than my computer might be a bit slow. Here is the log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Customer at 21:39:55.93 on Tue 04/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.510 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Pro Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS&#... Read more

A:Infected with Trojan horse Back Door.Generic 11.HCO

Hello, amanda.anonymousWelcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.If you do not make a reply in 5 days, we will have to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or... Read more

Read other 15 answers
RELEVANCY SCORE 174

Please could you have a look at this, we need some urgent help to get our computer up and running again so anything you can suggest would be great. We're running Windows XP Pro and yesterday our computer came up with a virus warning, we're worried this will effect our small network of computers so have unplugged it from the system but would be grateful for any help. Many thanks Kate and PaulaLogfile of Trend Micro HijackThis v2.0.2Scan saved at 09:28:59, on 25/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Microsoft LifeCam\MSCamS32.exec:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeC:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\Explorer.EXEc:\Program Files\Microsoft SQL Server&#... Read more

A:Infected with Trojan horse Back Door. Generic10.ZLE

Hello Pier Marketing,

I apologise for the delay, the forum is busy.

If you still need help, post a new HijackThis log.

Is this a business computer?

Read other 2 answers
RELEVANCY SCORE 168.8

Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/PsymeMy wifes freind complained that her computer was too slow and needed some new hardware. She wanted me to have a look> I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basicaly, since 2006, she has been online with no protection at all. I wwent to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS ... Read more

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers
RELEVANCY SCORE 168

Please help!!

My computer is infected with Trojan Horses. There are 3 of them, Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA and Trojan Horse Generic2.ALS. They keep coming back after removal. They are alway in Temporary Internet Files directory and windows\system32 directory.

I have AVG, Spybot, Ad-aware, awido antispyware, windows defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look2Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use it.

Attached my HJT log. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:19:07 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.... Read more

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS

Read other 12 answers
RELEVANCY SCORE 167.6

Please help, I'm running AVG 2012 Free Edition on Windows 7 and I have been infected with Trojan horse Dropper.Generic_c.MMI, which is in services.exe, I don't even know where to begin!

EDIT: I've resolved the Backdoor trojan, still need help with Dropper.Generic_c.MMI

A:Infected with Trojan horse Dropper.Generic_c.MMI and Trojan Horse Backdoor.Generic15.BHGZ

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 167.6

Version of Windows: Microsoft Windows XP Media Center Edition 2002 Service Pack 3Errors on Start-up: 1. QUOTELSASS.EXE memory allocation error cannot load command system halted.Errors on Shutdown I have to "End Now": QUOTEexplorer.exe, Connections Tray, Net Broadcast Event Window.2.0.0.378734, & MCI command handling window-My PC locks up when running the GMER scan & have to shutdown by powering PC off-I have had AntiVirus Soft multiple times even after removing w/ spybot search & destroy, ad-aware, Zone Alarm(Uninstalled), Norton(Current AV). It seems to reactivate the virus when I visit myspace.com apps. A java box comes on & all the sudden AntiVirusSoft is back in the start up & active. I reboot into safe mode, take it out of start up, reboot normally & do a spybot scan which seems to remove..But it keeps coming back like a cheesy horror movie character. -Have found QUOTE"Trojan Horse svchosts" in start up programs. I turned off & deleted. Scans didn't pick up virus??-When I reboot my pc my internet is being blocked for around 15-20 mins. The fw is off until the net gets unblocked by ??.-Games such as Resident Evil 5, Fallout 3, BF2 etc have been locking up & crashing since I got that lsass.exe error on start up. They are unplayable now. -Got that lsass.exe error a week ago after turning off start-up programs in MSConfig. Turned them all back on but error still stays. The MSConfig starts up automatically after a blue ... Read more

A:Antivirus Soft/Trojanhorse Svchosts/Combofix.exe(Trojan Horse)/a0442396.exe(Trojan Horse)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 3 answers
RELEVANCY SCORE 167.2

Aaargh!!!!AVG 9 just started detecting this...Message pops up every few minutes...File name: 211.20.210.87/install.exeThreat name: Trojan horse Generic_r.CJProcess name: C:\Windows\System32\svchost.exeProcess ID: 884It pops up frequently but I cant seem to fix it or eliminate the problem. HELP!!! How do i fix this? AVG doesnt seem to be able to resolve the problem.

A:HELP! Please. Trojan horse Generic_r.CJ

exactly the same thing is happning to me wtf

Read other 2 answers
RELEVANCY SCORE 167.2

I think I need some help. I did a scan with my anti-virus software(AVG Anti-Virus Free Edition 2012) last night and it found Trojan Horse Generic_r.bat. How do I remove this. The AVG software couldn't. I also have ZoneAlarm Free Anti-virus + Firewall on my PC. There seems to be a conflict between the AVG anti-virus software and the ZoneAlarm anti-virus software. How do I remove the Trojan Horse and the anti-virus part of ZoneZlarm. Any advice you can give would be very much appreciated. Many thanks.

A:Trojan horse Generic_r.bat

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:




Having problems with spyware and pop-ups? First Steps




a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 167.2

How can I remove. It also says infected. Here is the link or whatever you might call it "";"C:\Windows\System32\services.exe (808):\memory_01040000";"Trojan horse Generic_r.AZB";"Infected"
Any help will be greatly appreciated. TY.

A:Trojan horse generic_r.AZB

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 12 answers
RELEVANCY SCORE 166.8

My browser keeps redirecting to various sites. From google and other sites.

AVG has detected that ../system32/services.exe is infected with trojan horse patched_c.lxt
It has also detected that ../windows/assembly/GAC_32/desktop.ini is infected with trojan.generic15.axla

Malware bytes detected that a file in the windows/installer/ folder was infected with trojan.dropper.bcmilner and healed it.

problem Still remains please help!

DDS and GMER logs are attached.

Below is the DDS log.

Any help is much appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by LesH at 14:26:59 on 2012-06-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4001.1993 [GMT 1:00]
.
AV: AVG Internet Security Business Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\W... Read more

A:services.exe infected trojan horse patched_c.lxt, and ../windows/assembly/GAC_32/desktop.ini with trojan.generic15.axla

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 16 answers
RELEVANCY SCORE 166

I went away for a couple days, came back and found these. AVG can't remove them, says they're whitelisted. Symptom is, every time I try to google the file names I get redirected, and I keep getting a windows security asking if I want to unblock stuff.Thanks, Tom

A:"Trojan horse generic22.BEWG" and "Trojan horse BackDoor.Generic13.BKVZ

Looks like you have a redirected infection. Have you try running Malwarebytes yet?

Read other 16 answers
RELEVANCY SCORE 166

I think my computer is infected. I ran AVG 8.0 free scan and it found the two trojans mentioned in the title. I deleted them. My computer is slow and acting strangely so I installed hijack this and ran it. Can you take a look and see if it is and what can I do next? I want to thank you for your time and efforts and tell you I appreciate it ahead of time. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:47 AM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Max Registry Cle... Read more

A:trojan horse downloader zlob.AGAL and trojan horse fake alert.CJ

Read other 15 answers
RELEVANCY SCORE 166

Hi Techsuportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since 5/21. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue sreen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only 2-3 minutes (250GB disk w/ 100GB free)!?

I have access to a Windows XP install disc, and have the WIndows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated!


Hanoihancock


-------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul Hancock at 18:21:05.68 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2857 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system... Read more

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?

Read other 9 answers
RELEVANCY SCORE 166

My son's Windows 7 computer has two trojan horse infections that were detected by AVG, but AVG was unable to quarantine or remove them
 Trojan 1.PNG   72.1KB
  8 downloads
 Trojan 2.PNG   55.63KB
  8 downloads. He has known about the infection for some time, but has continued to use the computer. I first became aware of the situation when he asked for help when, on boot up, he got a message "missing operating system." We were able to boot from the recovery disk, but now the infection remains and the system runs extremely slowly. We were able to download and run DDS; however, it does not create the dds.txt file, but only the attach.txt file. We ran it several times, and sometimes it creates the attach.txt file (version attached called attach2.txt
 Attach2.txt   811bytes
  4 downloads) and a couple of times it created a version which includes restore points (version attached called attach3.txt
 Attach3.txt   1.02KB
  3 downloads).
 
Internet connection on the computer has been intermittent. It was connected earlier this morning, long enough to download and run DDS and email the attach.txt files to me (I'm doing this post from my uninfected computer). Right now the infected computer is "not connected - no connection available." It should connect to the same wireless network in our home that my uninfected computer is connected to.  ****UPDATE**** The internet connecti... Read more

A:Infected with Trojan horse TDSS.CA and Trojan horse Dropper.Generic8.AXHI

Here are some more files that might help you. They are AVG Resident Shield results.
 AVG Resident Shield results 1.png   812.84KB
  3 downloads There are three more screen shots to this report, but it won't let me upload any more.

Read other 47 answers
RELEVANCY SCORE 166

I have probably been infected by trojan horse dialer for over a month so I cannot remember exactly how I got infected but I think it is because I was using IE but now I have permanently switched to Firefox. I have scanned my computer with Spybot search and destroy, adaware, avg antivirus, and vundo both in normal and safe mode. It seems as though I have gotten rid of trojan horse dialer with the vundo tool but then I became infected with trojan horse Lop.as. Everytime I do scan my computer with an antivirus tool the viruses and trojans usually show up in the internet cache or temporary internet files. That is probably why I cannot remove these viruses permanently. I regularly get those popups from AVG saying that they have detected the threat of trojan horse Lop.AS. I am running on Windows XP with SP2. The security tools that I run are the teatimer of Spybot, AVG real-time antivirus, and Zonealarm firewall. Now that I think I have gotten rid of Trojan horse dialer.COH my computer seems to be running at the previous speed before becoming infected. However, I still want to get rid of the Trojan Horse Lop.AS since the popup notice from AVG is so annoying. In conclusion, I have come to BC for a permanent solution.

A:I Am Infected With Trojan Horse Dialer.coh; Trojan Horse Lop.as; And Some Other Annoying Cookies And Viruses

http://www.bleepingcomputer.com/securityblog/2006/10/Unfortunately, though, this October when the latest batch of renewals and new awardees were admitted we found a new MVP who leaves a bad taste in our mouths. This awardee is Cyril Paciullo, otherwise known as Patchou, and is well know as the creator of Messenger Plus. As a program, Messenger Plus actually has some slick features, but our problem is that this program also comes with a known adware and Trojan called LOP.What is funny is when Microsoft Security MVP Derek Knight scanned the main executable for Messenger Plus, at the free scanning site VirusTotal, Microsoft was the only vendor that stated that the installer was a threat. --------------------------------------------------------------------------------Uninstall instructions in link below:http://www.bigblueball.com/forums/msn-mess...senger-6-a.html

Read other 4 answers
RELEVANCY SCORE 165.2

Hello. I am hopeful that someone can help me. My laptop appears to have been infected. Looks like the culprit might be a rogue malware or virus posing as an antivirus program. Not sure how it got on the laptop.

I run Avast Anti-Virus and use IObit Security 360 faithfully.

The intial attack came through with something called "AntiVirus 8". I recognized that something was not right and immediately tried to stop it, but it was somehow already on board and causing trouble. I quarrantined and removed most of it with the IObit 360 but there appears to be something residual as the Windows automatic updates are not working now and I get an error 80070020 code with the update.

I am now also get a frequently occurring Avast intrusion alert from the network trying to open a bad website.

Below are reports and logs. One note, the when I attempted to use the HijackThis app from TrendSecurity, a pop up a alert appeared that read something like "System denied access to Host Files" and instructed me to do a Start, Run on C:\Windows\System32\drivers\etc\hosts or if using VIsta, just right click HiJackThis icon and run as system admin. Neither of these worked, so I ran a HijackScan using IObit 360. Please let me know if you need it specifically from HijackThis that you direct to use and I can try again to get around that issue I described.

Thanks for any help you can provide.

Logfile of IObit HijackScan v0.2.0.0
Scan saved at 7:56:14, on 2010-11-13
Running processes:
C... Read more

A:Back Door Trojan Horse? Windows Update Error - 80070020 & AntiVirus 8 Malware Problem

Read other 10 answers
RELEVANCY SCORE 165.2

I have a Virus called Trojan Horse Generic_r.BOP I have Googled this virus and come up with nothing. AVG catches, says it quarantines it, but it is there again on the next AVG search. I'm not sure how to go about removing the virus. It has effected my browser, saved searches, etc. help?

A:Trojan Horse Generic_r.BOP Removal

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 27 answers
RELEVANCY SCORE 165.2

A while ago, I eas running AVG.
I had 7viruses.
unfortunately, when i tried to heal and remove the viruses, a trojan could not be removed.

it is a Trojan horse Generic_r.BO
it is located in C:\WINDOWS\SYSTEM32\7D7C15\F0CDF9.EXE (3312)

then when i ran AVG again and again, four similar trojans would appear.
i can remove the three but the one above is impossible.
after that, the other three would show up again..

I sent an email to AVG with the infos my antivirus had.
and the my antivirus' email scanner kept on scanning it.

My flash disk has been infected also.
when i try to open folders in it, it would open in a separate window.

and then my internet explorer keep on showing up even though i did not open it.
it would got to some sort of www.123.com
the language that the website uses is like chinese or something.

then i ran my HJT. and got this logfile.
can anybody please help me with my problem?
how can i remove that trojan?
thanks.

here's the logfile of HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:06 PM, on 4/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtE... Read more

A:HELP: I cannot remove a Trojan Horse Generic_r.BO

I ran Malwarebytes a while ago.
and I got this LOG.

PLEASE HELP ME.

Malwarebytes' Anti-Malware 1.36
Database version: 2019
Windows 5.1.2600 Service Pack 3

4/22/2009 2:42:44 AM
mbam-log-2009-04-22 (02-42-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 159068
Time elapsed: 54 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{64C55BAE-0167-4E29-A424-980E0BCA06F2}\RP248\A0135405.vxd (Adware.W... Read more

Read other 2 answers
RELEVANCY SCORE 165.2

I have Windows Vista and AVG antivirus on the system. In one of the scans, AVG detected Trojan horse generic_r.EXT. It quarantines the said virus but does not remove it. On every scan, AVG detects the same virus and quarantines it. 
 
I have used Microsoft Security Essential, Microsoft Safety scanner, Adwcleaner, Combofix and they all were not able to detect this virus. Apparently AVG does a good job of detecting it  but not removing it. What do I do? 
 
How do I remove this virus?  Please help.

A:How to remove Trojan horse generic_r.EXT

I still have the problem and issue has not been solved. Help
 
I have Windows Vista and AVG antivirus on the system. In one of the scans, AVG detected Trojan horse generic_r.EXT. It quarantines the said virus but does not remove it. On every scan, AVG detects the same virus and quarantines it. 
 
I have used Microsoft Security Essential, Microsoft Safety scanner, Adwcleaner, Combofix and they all were not able to detect this virus. Apparently AVG does a good job of detecting it  but not removing it. What do I do? 
 
How do I remove this virus?  Please help.

Read other 8 answers
RELEVANCY SCORE 163.6

Hi all you wonderful people at bleeping computer!I'm hoping you might be able to help me with a Trojan I have on my laptop. AVG is picking it up occasionally and always on startup, but it keeps coming back.I've followed the preparation guide and am pasting and attaching the data requested... except...!My machine has crashed a number of times during the GMER scan so I've had to give up on that one. Let me know if there is something else I should do so the scan can complete.Here is my DDS log and the other file is attached.DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 19:00:38.24 on 07/05/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.333 [GMT 1:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\PROGRA~1\LAUNCH~1\LManager.exeC:\Program Files\Common Files\Logitec... Read more

A:Nasty Trojan "Trojan horse Generic16.CNLB"/ "Trojan horse BHO.MFW"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 22 answers
RELEVANCY SCORE 163.2

I ran AVG: result
"C:\Program Files (x86)\AVG\AVG10\avgtray.exe (2204):\memory_04690000";"Trojan horse Generic_r.CEN";"infected"
"C:\Program Files (x86)\AVG\AVG10\avgui.exe (9860):\memory_05840000";"Trojan horse Generic_r.CEN";"infected"
 
My computer is very slow. I think this trojan horse is the problem but would not be surprised if it is many things going on.
Need help! Thanks
 
 
 
dds.txt log:

 attach.txt   13.77KB
  0 downloads
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Denise at 16:05:25 on 2013-08-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3758.1617 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* 4
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* 3
SP: Windows Defender *Disabled/Updated* 2
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\sv... Read more

A:Trojan horse Generic_r.CEN & Computer slow

Hello DDSKi I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

Read other 23 answers
RELEVANCY SCORE 163.2

Hi, this is my first post. A week ago my idiot son who was visiting, connected his hard drive to my computer while connected to the internet and with autoplay on.Subsequently I was infected with a number of viruses.I have never had problems before. My Norton Antivirus programme was useless and I uninstalled it as it was unable to solve the probs and kept freezing. Taking advice from forums like this I installed Malaware and AVG free as virus checks, Spybot, and Adaware to complement Spyware terminator I already had. I also have Hijack This. I also installed Zone Alarm as a firewall and now use Mozilla Firefox as a web browser instead of MIE. After hours of scans in normal and safe modes, replacing my hosts file which had porn and betting site references on and deleting lots of refs. from my registry I still have a problem. I originally had a 'Pandex' virus, 'Fakeavalert' virus, 'Trojan horse small' and 'tidseerv' virus. My sons hard drive had a 'resycled' folder with a boot.com file on which transferred to my hard drive. They all , fingers -crossed have gone. I turned off windows restore, but I am left with a continual resident shield alert from Avg virus scan saying I am infected with the Trojan horse downloader.generic_r.Bj virus on various temp files in windows. It is unable to delete these. I have managed it in safe mode but they return. If I try manually to delete those files I am unable as they are locked by a running process. I ... Read more

A:Infected with Trojan horse downloader.generic_r.Bj

Please do this next.Open MBAM and click Update tab, select Check for Updates,when doneclick Scanner tab,select Full scan and scan.After scan click Remove Selected,Post new log and Reboot.Follow that with SDFix..Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

Read other 8 answers
RELEVANCY SCORE 163.2

I have 2 trojans Trojan horse Generic5.GUH,Trojan horse BackDoor.Agent.IQL would like to remove I have external hard drive.could not run the online scans except stinger, house call made a load bleeping noise?Laptop used for sensetive stuff banking etc. will change passwords on other machine.Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:54:43 PM, on 24/07/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\AGRSMMSG.exeC:\Program Files\Grisoft\AVG7\avgcc.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Picasa2\PicasaMediaDetector.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Windows\ehome\eh... Read more

A:Infected With Trojan Horse Generic5.guh,trojan Horse Backdoor.agent.iql

Hi mrpugowski,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

Read other 3 answers
RELEVANCY SCORE 163.2

My avg and avast has picked up these trojans trojan horse bho.eiz , trojan horse vund.t and win31/heur. I have tried the panda site but it wouldnt scan for me so then I came to this site to see if someone could help me. I have followed all the steps on the preparation page. When I did step 5 it didnt find anything and wouldnt let me copy a log to paste to you.MAIN.TXTDeckard's System Scanner v20071014.68Run by AuSSie` on 2008-06-15 07:48:19Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 5 Restore Point(s) --11: 2008-06-14 16:17:42 UTC - RP145 - Windows Update10: 2008-06-14 09:57:20 UTC - RP144 - Windows Update9: 2008-06-14 09:43:37 UTC - RP143 - Restore Operation8: 2008-06-14 09:31:30 UTC - RP142 - Restore Operation7: 2008-06-14 06:26:17 UTC - RP141 - Windows Update-- First Restore Point -- 1: 2008-06-10 06:01:26 UTC - RP134 - Scheduled CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as AuSSie`.exe) ---------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:51:34 AM, on 15/06/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Motorola\SMSERIAL&#... Read more

A:Infected With Trojan Horse Bho.eiz Trojan Horse Vundo.t Win32/heur

HiFirst ... you should NOT be running 2 anti-virus programs, they will conflict ... choose between AVG8 & Avast ... keep one & uninstall the other ...Second ... with the malware showing in your log, I find it hard to believe that the Kaspersky Online Scan found nothing if set to scan My Computer ... If it was not set to scan My Computer, please run it again...THEN ...Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.* Copy and Paste the entire report in your next reply.THEN ...Please follow these directions to run Combofix & post a log.http://www.bleepingcomputer.com/combofix/how-to-use-combofixsteamEDIT ... What are th... Read more

Read other 2 answers
RELEVANCY SCORE 163.2

HELLO, this is my first time posting at your site but has has follow your responses to other while reseaching software and problems on the google search page. Your answers and instructions has been of geat use and help to me.Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my Avg Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.BO and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found sever items mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections.I have included the report with my HiJack log. I had a problem running a panda scan until I notice a registry cleaner was blocking me from loading active x program needed by Panda. I was able to uninstall the program. I installed Spybot and and it found even more infections such as Hot box, freeze.com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:54:23 PM, on 8/5/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\... Read more

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u2. Scroll down to where it says "Java Runtime Environment (JRE) 6u2". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.****************** We are going to dig deeper, and that will require us to run some additional scans.You will need to use Internet Explorer for this scan. D... Read more

Read other 5 answers
RELEVANCY SCORE 163.2

I have been struggling with this for a couple of days now. Some kind of malware(?) that keeps warning me that I have a virus and need to buy their anitvirus software. I have use Adaware, SmitFraudFix, Vundofix, CCleaner, and Ewido which seemed to find and clear a bunch of stuff. I thought I had got rid of it, but it keeps coming back. I seem to have gotten rid of some of it though as I'm not getting the "warning" messages all the time. My AVG keeps telling me I have a trojan (Trojan horse Dropper Agent.BTI and Trojan horse Pakes.U) but can't seem to fix it. I have no idea what to do!! Please help!

A:malware Trojan horse Pakes.U/Trojan horse Dropper Agent.BTI

Logfile of HijackThis v1.99.1
Scan saved at 10:59:21, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Johanna\Desktop\ewido anti-spyware 4.0\ewido.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Di... Read more

Read other 17 answers
RELEVANCY SCORE 163.2

Hello,

This is my first post here. Hopefully, this will resolve my problems.

According to AVG Anti-Virus, I have these Trojan horses, neither of which is not "healable." There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October 5, 2007 (I only noticed it now, when I was running a scan, but I-or the laptop-run scans often). The first Trojan since March 6, 2008 and the second trojan, since today.

Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry, updating is incomplete due to an error. Please try again." I've tried several times to re-update but my attempts have been futile.

Logfile of HijackThis v1.99.1
Scan saved at 6:13:02 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~... Read more

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok.We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Read other 1 answers
RELEVANCY SCORE 163.2

Trojan horse SHeur2.BEKQ infecting bogogife.dll and Trojan Horse Generic14.AXEW infecting logon.exeI was minding my own business on the net and the resident shield alert pops up telling me I have infections...I clicked to try to delete them and it said it wasn't recommended. so here I am again...I seem to get infections alot and don't know what Im doing wrong. Please HelpHere are the documents requested:DDS (Ver_09-07-30.01) - NTFSx86 Run by Twiss at 17:53:58.56 on 17/09/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1261 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\stsystra.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\OEM02Mon.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\New Java\bin\jusched.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOW... Read more

A:Trojan Horse SHeur2.BEKQ & Trojan horse Generic14.AXEW

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 5 answers
RELEVANCY SCORE 163.2

Both of these trojans found through AVG. First, Backdoor.Generic11.BBDE a couple of weeks ago, now Crypt.HOS. All moved to Virus Vault except for file c:\windows\system32\drivers\asyncmac.sys; AVG states object is white-listed (critical system file not to be removed). I Goggled to research these and it's made me worried/parnoid about all the banking and bill paying I do online. One site said to change all passwords via another computer. Should I? I've gone through my Add/Remove Programs and do not see anything unusual installed.

I have a Dell Desktop Dimension 2400 40GB hard drive, 1 GB RAM, Windows XP Pro Version 2002 SP3, Intel Pentium 4 2.66 GHz.

I installed, uninstalled, and reinstalled three times Malwarebytes Anti-malware and keep getting "Error 703, 0, 13".

My Hijack This log follows. Any help and advice is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:01 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.... Read more

Read other answers
RELEVANCY SCORE 159.2

Basically, I've had this for a little while now. At first, it was bearable. Now it isn't.

Patched_c.LXT Trojan horse

Any help would be greatly appreciated.

Computer's data:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 5995 Mb
Graphics Card: Intel(R) HD Graphics Family, -1226 Mb
Hard Drives: C: Total - 696869 MB, Free - 497066 MB;
Motherboard: Acer, JE50_HR
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled
 

Read other answers
RELEVANCY SCORE 159.2

For those reading this topic, this is an advanced malware and unless you absolutely know what you are doing, and are willing to deal with the consequences of fixing a computer gone bad, we suggest that you request malware removal help using this topic:Preparation Guide For Use Before Using Malware Removal Tools and Requesting HelpFor those who wish to work it out on your own, please do so at your own risk as you will see from other's posts in this topic that some fixes could cause your computer to become non-operational.-GrinlerHello everyone, after dealing with a search engine redirect problem last night (dealt with it with malwarebytes, then it returns a hour later, malwarebytes didn't find it so I used noscript on my firefox), I get this virus just a few minutes ago. It's in my browser.exe.AVG detected it as a multiple threat pointing to the C:\\WINDOWS\explorer.exe file... and the resident shield log is still logging it. Scan is still not finished but is there anything I should know before I decide what AVG must do with this file? The resident shield told me it's a white listed file.Thanks for your time in reading this, I shall hope to be able to get this resolved. It is scaring me.

A:Trojan horse patched_c.JED

I'm having the exact same problem. The AVG Resident Shield Alert constantly pops up saying c:\\WINDOWS\explorere.exe is infected with Trojan horse Patched_c.JED. I also got this after dealing with a search engine redirect problem last night.

Read other 73 answers