Windows Support Forum

Infected with trojan agrent_r AOB

Q: Infected with trojan agrent_r AOB

HI,

My AVG Antivirus 2011 alert is saying it identifies the trojan horse agent_r AOB. A file called conhost.exe is identified in the Windows temp file. This is happening every few min.
Computer freezes, start button freezes and I have a weird Windows installer for scandisc auto starting at start-up wanting me to install. The only way to get out when the PC freezes is to force the computer to shut down via the PC.

Computer is XP 2000
Malaware and super antispyware installed and do not detect the problem.

Please help me out!

Many thanks,
Duru

A: Infected with trojan agrent_r AOB

Hello, I suspect a Rootkit. Let's look at these logs please.

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

>>>>

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size.
* List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
* Download Link 1
* Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application. For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
* Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

>>>

Lastly

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

http://www.bleepingcomputer.com/forums/t/417140/infected-with-trojan-agrent-r-aob/

I have been clearing a computer from numerous infections. I uninstalled the outdated since McAfee AV. I have installed Microsoft Security Essentials, MBAM and SuperAntiSpyware. I used this combination as well as several online scanners to remove over infections.

Every time I run a scan with SAS the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SVCHOST EXE
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SVCHOST EXE
Trojan.Agent/Gen-FakeAlert
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SMSS EXE
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SMSS EXE

Microsoft Security Essentials pops up during the scan with the following infection:

Trojan Downloader: Win32/Unruy.D
C SYSTEM VOLUME INFORMATION RESTORE D FFFA B B SMSS EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http www bleepingcomputer com forums t cannot-remove-trojan OB

I am posting the DDS log, GMER log and attaching the attach txt file. Thank you in advance for any and all help you can provide.

A: Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/319178/infected-with-trojandroppersvchost-faketrojanagentgen-fakealert-trojan-downloader-win32unruyd/

Desktop Sony Vaio, Windows XP SP, GB RAM

These four infections - HACKTOOL.ROOTKIT, TROJAN.VUNDO, TROJAN.PANDEX and TROJAN HORSE - periodically try to execute and Norton Security Suite BLOCKS them all. Along with these four, about files are also blocked, all associated - fpq tmp TROJAN HORSE fpq b tmp HACKTOOL ROOTKIT fpq c tmp TROJAN HORSE fpq a tmp TROJAN PANDEX fpq f tmp TROJAN HORSE fpq e tmp TROJAN VUNDO etc.

I am presently running Norton Security Suite, F-PROT Antivirus, IObit Security, SpyBot-SD Resident, SuperAntiSpyware, Malwarebytes and Secunia PSI. These will not eliminate the infections.

This PC is a neighbor's, which originally had the Windows firewall OFF and greyed out, Firefox Google Hijack and the following infections, which are all now repaired -- HIJACK WINDOWSUPDATE Hiloti B gen Eldorado Trojan HZYZ WORM BDQA TROJAN AGENT APHZ ROGUE AGENT GEN-NULLO dll WORM BLAH. I mention these to provide a little background info. There were about Windows Updates that were blocked but now installed.

Thanks in advance for your assistance.

A: Infected with HACKTOOL.ROOTKIT TROJAN.VUNDO TROJAN.PANDEX and TROJAN HORSE

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/321371/infected-with-hacktoolrootkit-trojanvundo-trojanpandex-and-trojan-horse/

I have done all the preparatory actions. AVG Antispyware tells me I am infected with Trojan.small.fb but cannot remove it. Spy Doctor scan shows Trojan.downloader.ruins and Trojan.dns Changer. Here is my HijackThis log. Can anyone help please?

A: Infected With Trojan.small.fb, Trojan.downloader.ruins, Trojan.dns Changer

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout
http://downloads.subratam.org/Fixwareout.exe
or
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

Fix these with HJT - mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{05F2BA51-171A-4B1D-AE5F-B8515E38E241}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{8269A184-3C5F-41F7-A7E9-581E273A2475}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0DCAED8-AC99-4371-811A-DDA8BF12F7D8}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD6801D5-625E-482E-AA33-1FD2EB1B2544}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{05F2BA51-171A-4B1D-AE5F-B8515E38E241}: NameServer = 85.255.115.18,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.18 85.255.112.61

If you have connection problems after this

* Go to Control Panel.
  - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
  - Double-click the Network Connections icon
  - Right-click the Local Area Connection icon and select Properties.
  - Highlight Internet Protocol (TCP/IP) and click the Properties button.
  - Be sure Obtain DNS server address automatically is selected.
  - OK your way out.
* Go to Start > Run and type in cmd
  - Click OK.
  - This will open a command prompt.
  - Type or copy and paste the following line in the command window:
    ipconfig /flushdns
  - Hit Enter
  - Exit the command window

Do that before you restart.

=============

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.

==================================

If you get an Autoexec nt error do the following

XP Fix - http://www.visualtour.com/downloads/
Scroll down to get XP Fix

And run FixWareout again.

http://www.bleepingcomputer.com/forums/t/70439/infected-with-trojansmallfb-trojandownloaderruins-trojandns-changer/

I was infected with Virtumonde because I had the pop-up window with saying I was infected with the one virus that it says and then lead you to another site with a virus scan, but I got rid of those, I think.

The problem that I am having is something is changing my programs so they do not work, like Lava soft Ad-aware: when I tried starting it the computer would restart on its own and do it every time I tried starting it. I ran VundoFix and that seemed to fix most of my problems, but when I ran SpySweeper it still says that I have a Trojan-Downloader-Conhook, Adware Zeno search assistant enbrowser sidebyside search and a spycookie Aff cookie.

My internet is still acting funny, like when I try to play games on Pogo it says "Applet(s) in this HTML page requires a version of Java different from the one the browser is currently using. In order to run the Applet(s) in the HTML page, a new browser session is required. Close all the Netscape browser sessions and start a new browser section to run the HTML page", which never came up before I had these Trojans.

Why did McAfee Internet Security stop these problems? Every time I run my virus scan it says I am clean, as well as spybot and ad-aware. The only one that says I have a problem is SpySweeper.

Any suggestions would be greatly appreciated. Sorry if I sound a little confused on what the problem is but I am tired of trying to figure this out. Thanks in advance.

A: Infected With Trojan-downloader-conhook, Trojan.linun, And Trojan.virtumod

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new HijackThis log in this thread. Don't start with a new thread.
Then I'll take a look.

http://www.bleepingcomputer.com/forums/t/49358/infected-with-trojan-downloader-conhook-trojanlinun-and-trojanvirtumod/
Relevancy 44.29%

Hi Mike!

Don't know what happened!! My Windows starts normally; after selecting the user, it displays 'loading personal settings'. After that I am getting an error, 'userint.exe application error'. Reference memory problem. Then it shows my desktop without any Task bar/Status bar, and all the icons on my desktop are not displayed. I am accessing the explorer through Task Manager using Ctrl+Alt+Del.

Let me know whether this is a virus infection or some problem with the Windows registry.
Thanks,
clement

A: Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BC

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2: MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/t/235145/infected-with-trojanvirtumondetrojan-downloaderagentogp-help-me-in-removing-the-trojan/
Relevancy 44.29%

This is a business computer and it is very important that it runs properly. Been having issues with it for a week now. I have tried running several anti-virus programs to no avail. Currently using Panda but used some other free software like AVG etc. Hoping you can help me; here is the HijackThis log.

A: Business computer infected with Trojan/CI.A, Trojan Downloader.MDW, and Generic Trojan

Hi,

"This is a business computer and it is very important that it runs properly"

Not sure if you're aware how severely infected this computer is.

Since you are posting a log from a Company owned computer... There are a few things that need attention first before we proceed with this.

* You must inform your Supervisor immediately.
This because of:
  * Most company machines are connected into a network at some time or other, and your infection may compromise the security of that network.
  * If sensitive material is compromised by an infection, your company could be held liable.

* Your Company must give permission for us to give you assistance.
This because of:
  * We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible to deal with this.
  * There may be sensitive material on your computer that your company would not want revealed in an open forum.

Also, since this is a computer used at work - the first thing I always advise is to back up important files you don't want to lose, this since malware causes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

But, ESPECIALLY since this is a business computer and it's so severely infected - the only responsible action is a format and reinstall. This because the malware you are currently dealing with (backdoors and rootkit included) already compromised and damaged your computer. It also collected important info such as passwords in a meanwhile as well. And if you want to clean this up manually, there's no guarantee that you can trust this computer again even though logs won't show anything anymore and scanners come up clean.

Plus, on top, malware damages a lot.

That's why most IT people who are taking care of business computers, format and reinstall anyway, since that's actually the best and especially the safest solution.

Also, since this is a business computer, it's normal that backups are taken at least once a week - so I assume you have backups as well.

Anyway, let me know what you decide. If you want to deal with this manually; then I'll guide you (but don't expect miracles).

http://www.bleepingcomputer.com/forums/t/200156/business-computer-infected-with-trojancia-trojan-downloadermdw-and-generic-trojan/
Relevancy 44.29%

Hello,

Problem description: Noticed that the Microsoft Security Essentials suite and the firewall was disabled and could not be restarted ("The specified service does not exist as an installed program"). After uninstalling and reinstalling the MSE application the computer would boot and almost immediately shut down; a dialog box would warn of shut-down in minute. I did a restore and the shut-down warning stopped, but MSE was disabled again and uninstalling/reinstalling would produce the same problem.

Next step was to download and run Malwarebytes - log as follows:

Malwarebytes Anti-Malware www malwarebytes org Database version v Windows Service Pack x NTFS Internet Explorer CC CC -PC administrator AM mbam-log- - - - - txt
Scan type Quick scan
Scan options enabled Memory Startup Registry File System Heuristics Extra Heuristics Shuriken PUP PUM
Scan options disabled P P
Objects scanned
Time elapsed minute s second s
Memory Processes Detected
No malicious items detected
Memory Modules Detected
No malicious items detected
Registry Keys Detected
No malicious items detected
Registry Values Detected
No malicious items detected
Registry Data Items Detected
No malicious items detected
Folders Detected
No malicious items detected
Files Detected
C Windows assembly GAC Desktop ini Trojan access -> Delete on reboot
C Windows Installer c - f- f-a -b d U Trojan Dropper BCMiner -> Quarantined and deleted successfully
C Windows Installer c - f- f-a -b d U Trojan Sirefef -> Quarantined and deleted successfully
end

This produces the trojan files above - after rebooting to "remove" the files they appear again on the next scan after the reboot. And so the cycle continues, which is why I am here. Any help would be greatly appreciated - I have seen that you have helped someone get out of a similar jam, but I am concerned the instructions are too specific and could harm my system.

Thanks in advance
-- Richard

A: Infected with Trojan.0access / Trojan.Dropper.BCMiner / Trojan.Sirefef

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

* Restart the computer.
* As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
* Use the arrow keys to select the Repair your computer menu item.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

* Insert the installation disc.
* Restart your computer.
* If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
* Click Repair your computer.
* Choose your language settings, and then click Next.
* Select the operating system you want to repair, and then click Next.
* Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

* Select Command Prompt
* In the command window type in notepad and press Enter.
* The notepad opens. Under File menu select Open.
* Select "Computer" and find your flash drive letter and close the notepad.
* In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
* The tool will start to run.
* When the tool opens click Yes to the disclaimer.
* Place a check next to List Drivers MD5 as well as the default check marks that are already there
* Press Scan button.
* FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box: services.exe
* now press the search button
* when the search is complete, search.txt will also be written to your USB
* type exit and reboot the computer normally
* please copy and paste both logs in your reply. (FRST.txt and Search.txt)

http://www.bleepingcomputer.com/forums/t/460904/infected-with-trojan0access-trojandropperbcminer-trojansirefef/
Relevancy 44.29%


A: Infected With: Trojan Adduser, 007spyware, Trojan.clicker.ec, Trojan.poison...and More.

Hello WebDept,

Sorry for the delay. We have many logs backed up.

Please download Malwarebytes' Anti-Malware from Here or Here

* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DSS Main.txt log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on ignore mbamext.dll

http://www.bleepingcomputer.com/forums/t/160819/infected-with-trojan-adduser-007spyware-trojanclickerec-trojanpoisonand-more/
Relevancy 44.29%

Hello, I am so new to all of these. I already searched for the removal of these viruses and read in a lot of forums. All of these forums have logs etc. involving the precious system files. I don't even understand the logs, and I have read instruction on how to remove these but they do not guarantee anything. I am afraid that the PC might malfunction and be sent to the Repair Shop again. It just got sent days ago. I ran Malwarebyte's Anti-Malware and scanned my computer and found infections. It shows the option that removes the selected files but I'm afraid because these files are categorized as Registry Keys, Registry Values, Memory Modules and Registry Datas. Should I delete them anyway? And so I want a professional, expert etc. in all of these since I am such a sucker to all of these virus removal stuff. I want that pro to walk with me through all of these, from the very first step to the very last, and that is when the virus will be wiped out. Please help.

A: Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Please copy/paste the MBam scan log for us to review.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/161986/infected-with-trojanvundo-trojanbho-trojanagent-malwaretrace/
Relevancy 43.43%

Avast first alerted me to an infection, which I quarantined, called Win malware gen. I followed some forum info after quarantining the malware which suggested I download Malwarebytes and run a scan. I have done this several times and Malwarebytes continues to find infected dll files described as TROJAN.HILOTI.GEN, TROJAN AGENT and TROJAN VUNDO. I followed all the prescribed methods from this website, from here: http www bleepingcomputer com virus-remo undo-virtumonde

Neither Vundo Fix or VirtumundoBegone found anything. Malwarebytes keeps finding dll files every time I run it. Note: I had to rename the mbam.exe file in order to run it. I could download it but it wouldn't run unless it was named something else.

I am now following the instructions from here: http www bleepingcomputer com forums t preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help

Note: I can not run GMER without my machine crashing, so I can not attach the required ark.txt log. Finally, once when running MBAM my Avast kicked up a warning that it had stopped malware from executing and gave the reason that Malwarebytes had triggered it.

I would appreciate any help on this. I'm at the end of my rope. I've been trying to eradicate this for days now. All my important files have been burned on a CD-R so I am willing to nuke the whole drive OS if that is required. Thanks in advance and I hope to hear from someone soon.

So I will now post the DDS.txt report as requested and I have attached the Attach.txt file (please note I deleted my full name that prefixed in front of chrome objects).

A: Infected with TROJAN.HILOTI.GEN, TROJAN AGENT, TROJAN VUNDO

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

* The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
* Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
* The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
* Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Please download OTL from one of the following mirrors: This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Push the button.
* Two reports will open, copy and paste them in a reply here:
  * OTListIt.txt <-- Will be opened
  * Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop.

* Double-click on RKUnhookerLE to run it
* Click the Report tab, then click Scan
* Check Drivers, Stealth and uncheck the rest
* Click OK
* Wait until it's finished and then go to File > Save Report
* Save the report to your Desktop
* Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning, it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

* A detailed description of your problems
* A new OTL log (don't forget extra.txt)
* RKU log

Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/340793/infected-with-trojanhilotigen-trojan-agent-trojan-vundo/
Relevancy 43.43%

I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malbytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not used to be there. I am getting a number of random error messages, and Malbytes is sometimes deleted and I have to reinstall it. Also, random tmp files seem to pop up. Thanks in advance for any help you can provide.

A:Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERE.

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

* Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

* Please download RSIT by random/random and save it to your Desktop.
* Double click on RSIT.exe to run RSIT.
* Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
* Click Continue at the disclaimer screen.
* Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

* Please download GMER and unzip it to your Desktop. <<mirror>>
* Open the program and click on the Rootkit tab.
* Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
* Click on Scan.
* When the scan has run, click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results.

Post me these logs in your next reply. Post each log in separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result.

http://www.bleepingcomputer.com/forums/t/204716/infected-with-trojanfakealerth-trojanagent-trojandownloader/
Relevancy 42.14%

1. My HP P dv4 2045, Windows 7 Home Premium w/Service Pak 1,64 Bit, with Symantec End Point Protection VER 12.1.1000.157 RU1 is infected with Trojan.Zeroaccess.B and Trojan.Gen2 and Trojan.Gen.

a. I can't even get on the internet, having to use my wife's machine!
b. I followed instructions provided at your This Guide link.
c. The only thing I did different is I turned off my antivirus until I finished running Defogger and DDS. Interestingly, I tried to get on the net and was able to but was redirected, so I got off and enabled my antivirus again.

2. I was able to get both the DDS.txt and Attach.txt and they are attached.

3. Original Post: http://www.bleepingcomputer.com/forums/topic464429.html/page__pid__2798030#entry2798030

EM

A:Infected w/Trojan.Zeroaccess.B and Trojan.Gen2 and Trojan.Gen

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so.
  We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
  Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
  Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
  A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

* Download Security Check by screen317 from here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

* You may be asked to install or update the Recovery Console (Win XP Only), if this happens please allow it to do so (you will need to be connected to the internet for this).
* Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
* Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links: Link 1, Link 2, Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

* Log from Combofix
* let me know of any problems you may have had
* How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/464560/infected-wtrojanzeroaccessb-and-trojangen2-and-trojangen/
Relevancy 41.71%

Already did some scans with tdsskiller and hitmanpro and they detected Trojan-Spy.Win32.Zbot, Rootkit.Win32.PMax.gen, and rootkit boot.cidox.b, I'm not sure how this machine got so badly infected. The user may have opened a link or some file by accident.
 
The infected svchost.exe is causing the most problems, creating multiple various connections and slowing down the internet connection. Explorer.exe would also crash and would create connections as well. Internet explorer would pop up to back-linking websites.
 
No restore cd for this computer. Although I do have a copy of xp meant for dell machines and this is a dell.
 
Just need to know how I can stop the svchost.exe from creating connections.
 
dds attached


A:Infected with mutliple malware, Cidox,Trojan-Spy.Win32.Zbot,Infected svchost.exe

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
Regards,
Georgi

http://www.bleepingcomputer.com/forums/t/531235/infected-with-mutliple-malware-cidoxtrojan-spywin32zbotinfected-svchostexe/
Relevancy 41.71%

I was at a hotel a few weeks ago, and afterwards Firefox kept redirecting me to ad sites. I ran Microsoft Security Essentials and detected and removed (partially) a program called Nimda, but the redirects continued. None of my security software indicated any other problem, and the redirects seemed to be to fairly harmless sites, so I figured I'd wait for my programmer brother to get home for Thanksgiving to fix the issue.

Today Firefox redirected to a site with the words "please wait loading". I immediately closed out, but my computer was already infected. A program called "privacy.exe" in taskmanager started up - it's your typical faux-security program that prompts you to "clean your computer", presumably by downloading all kinds of other awful crap. This particular program kept closing down taskmanager after a couple seconds every time I tried to open it, automatically closed Security Essentials, closed all my other background programs, and wouldn't let me open HijackThis or Firefox.

I restarted in safe mode and ran Security Essentials, which found and removed something called "VirTool:JS/Obfuscator.CE", then restarted normally, but the situation hadn't changed. After some trying I was able to open taskmanager and manually shut down "privacy.exe" before it shut me out, and that's as far as I've gotten. Keep in mind when reading my DDS log that I shut this program down already, because it prevents me from doing anything at all on my PC.

One other weird thing - I ran HijackThis, which gave me the following message before displaying my log: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type notepad C:\windows\System32\drivers\etc\hosts and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as hosts (with quotes) and reboot."

I followed the instructions, since I suspected that was the source of my browser redirect issues, but my system claims the file in question (named hosts new) is read only when I try to save over it. I opened up file properties and "read-only" is not checked. Here's the DDS log:

A:Infected with unknown trojan/malware, has infected pc with rogue:win32/fakerean, VirTool:JS/Obfuscator.CE, and others so far

Hi,

BitTorrent

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

* Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
* Remember to re-enable them afterwards.
* Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:

* C:\ComboFix.txt
* New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

http://www.bleepingcomputer.com/forums/t/428279/infected-with-unknown-trojanmalware-has-infected-pc-with-roguewin32fakerean-virtooljsobfuscatorce-and-others-so-far/
Relevancy 41.28%

Hi everyone, my name is Avi and I'm running XP service pack II. I thought I was pretty good with computers, since I've been playing with them since the era of Wing Commander and Star Control II, and usually I can solve computer issues on my own. However, days ago I noticed that my background had changed to a blue screen that said "Warning Spyware detected your computer", and I repetitively get a "Blue screen of death" notice on my computer which indicates that it's about to shut down, but then it just goes back into Windows. My system restore seems to have become disabled, and the background and screensaver modes on my display menu are not working. I have Kaspersky AV installed, but I never installed the Kaspersky firewall cause I felt it slowed down my PC too much. I am running the Windows firewall though, and I have adaware. Please help me get my PC back to normal. I ran the Deckard's Scan along with the Hijack This scan and I have included main.txt and extra.txt in this post. Thanks so much.

A:Infected With Trojan.win32.pakes.czg/warning Your Computer Has Been Infected...

Hello Ice9996 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.

* Double-click ATF-Cleaner.exe to run the program.
* Click Select All found at the bottom of the list.
* Click the Empty Selected button.

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

* Click Opera at the top and choose Select All from the list.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Close ALL Internet browsers (very important).
* Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

* Close ALL OTHER PROGRAMS.
* Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
* In the Drivers section click on Non-Microsoft.
* Under Additional Scans click the checkboxes in front of the following items to select them:
  Reg - BotCheck
  File - Additional Folder Scans
* Do not change any other settings.
* Now click the Run Scan button on the toolbar.
* Let it run unhindered until it finishes.
* When the scan is complete Notepad will open with the report file loaded in it.
* Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
* Save the file to your desktop or other location where you can find it back.
* Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/152240/infected-with-trojanwin32pakesczgwarning-your-computer-has-been-infected/
Relevancy 41.28%

Hello, I am new and hope I am in the correct forum. If not, please direct me to the right place. I am going nuts here. I am running Windows XP. I keep getting an extremely annoying warning message which says the following (there is an "x" in red beside the message): "Your System was infected by zlob trojan. It's very dangerous for your system, critical data can be lost. Click OK to download the antimalware application to clean your hard disk (Recommended)." So you can see it looks very official. It is constantly popping up, especially when I used Internet Explorer, but not when I use Mozilla Firefox. When I click OK it goes to setup.exe and says that the application is from. I am afraid to click on the setup.exe because I figure it is trying to sell me something. I have Norton Antivirus, which I keep updated, but it says it has taken care of all the potential problems of adware and trojans, but this popup continues. I downloaded Avgfree and Spybot Search & Destroy and they say everything is cleaned up too, but the pop up continues. I have done scan using other programs such as SpyDoc, and among other things they say I have Trojan FakeAlert, Trojan Generic, Application NirCmd, Adware BHO GEN. I ran HiJackthis and this is what it said:

A:Keep Getting Warning Message That I Have Been Infected With Zlobtrojan Other Says Infected By Trojan.fakealert, Etc

Hi,

I see you are running Teatimer. I suggest you to disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "save as".) Double-click ResetTeaTimer.bat and let it run. This will only take a few seconds.

I notice from the log that there are running more than one different Anti-Virus programs with Auto-protect enabled: AVG and Norton.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also, because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown. So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one. Then reboot after uninstalling.

Also, I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006, read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

Then,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Media Codec - {8B580E40-6B46-44C8-9E80-A5AD6E1D1035} - C:\WINDOWS\kiasys.dll
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Joan Hawse\Local Settings\Temporary Internet Files\Content.IE5\QEE3YST3\install_sbd_en[1].exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Search - ?p=ZRxdm429MFUS

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot your computer.

Then, navigate to and delete the following file if still present:

C:\WINDOWS\kiasys.dll

Don't worry if you can't find it anymore, because HijackThis should have deleted that file already.

Then rescan with HijackThis and post a new log in your next reply.

http://www.bleepingcomputer.com/forums/t/140072/keep-getting-warning-message-that-i-have-been-infected-with-zlobtrojan-other-says-infected-by-trojanfakealert-etc/
Relevancy 41.28%

I am running Microsoft Security Essentials, Malwarebytes Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

* Do not run any other tool until instructed to do so!
* Please Do not Attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

* Double click DeFogger to run the tool.
* The application window will appear
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue
* A 'Finished!' message will appear
* Click OK
* DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

* Double-Click on dds.scr and a command window will appear. This is normal.
* Shortly after two logs will appear: DDS.txt, Attach.txt
* A window will open instructing you save & post the logs
* Save the logs to a convenient place such as your desktop
* Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

* Please Download Rootkit Unhooker. Save it to your desktop.
* Now double-click on RKUnhookerLE.exe to run it.
* Click the Report tab, then click Scan.
* Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
* Wait till the scanner has finished and then click File, Save Report.
* Save the report somewhere where you can find it. Click Close.
* Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
"just click on Cancel, then Accept".

information and logs:

In your next post I need the following

* logs from DDS
* log from RKUnHooker
* let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/427329/infected-with-trojanagentgen-iexplorerfake-trojanagentgen-pec-and-trojandownloader-winlogonfas/
Relevancy 41.28%

Hi, My son downloaded a video codec & unwittingly installed a trojan popup, Trojan Downloader Codec E, which appears whenever you move around in Windows Explorer or open a new page in Internet Explorer. I have tried to get rid of it but failed and I would appreciate your help. I have followed the preparation instructions and Bit Defender found a trojan it couldn't delete in msvidc dll. I am reluctant to try and remove this myself without your advice. Below is the Bit Defender report followed by the Hijack This report.

chrisss

A:System Error! Your Computer Was Infected By An Unknown Trojan (trojan.downloader.codec.e?)

Hello chrisss,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of the SmitfraudFix report into your next reply along with a new HijackThis log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

http://www.bleepingcomputer.com/forums/t/132916/system-error-your-computer-was-infected-by-an-unknown-trojan-trojandownloadercodece/
Relevancy 41.28%

http://www.bleepingcomputer.com/forums/t/176020/avg-error-after-trojan-removalhijack-file/

A:AVG error after trojan removal/hijack file, was infected with trojan horse psw.agent.vqa

Helped here, closed.

http://www.bleepingcomputer.com/forums/t/177597/avg-error-after-trojan-removalhijack-file-was-infected-with-trojan-horse-pswagentvqa/
Relevancy 41.28%

I have been infected with some serious trojans.

MBAM Scan results identified these viruses/trojans:

Trojan.BHO - File
Adware.Vomba - Registry Key
Trojan.Fakealert - Registry Key
Fake.SystemTool - Registry Value
Fake.SystemTool - File
Fake.SystemTool - Registry Value

Here's what I am getting:

- A fake program "Antivirus System Pro" runs on startup now
- gives repeated popups anytime I try to run a program, even Task Manager & svchost exe: "Security Warning"
- popup alert in bottom right corner that says "Antivirus System Pro alert INFILTRATION ALERT Your computer is being attacked by an internet Virus. It could be a password-stealing attack, a trojan-dropper or similar. DETAILS attack from port"

here's my malwarebytes log

please let me know if you need anything else. Thanks

A:Infected with trojans: Trojan.BHO, Adware.Vomba, Trojan.Fakealert, Fake.SystemTool

never mind. problem solved now. MalwareBytes Anti-Malware successfully quarantined the trojans.

[CLOSE TOPIC.]

http://www.bleepingcomputer.com/forums/t/264719/infected-with-trojans-trojanbho-adwarevomba-trojanfakealert-fakesystemtool/
Relevancy 41.28%

I don't know what is wrong, maybe they tie together, but I need some help.

A:infected by zlob.trojan and trojan.dowloader.contravirus and sercurity toolbar 7.2

hi, welcome to TSG.
Please download
SmitfraudFix
(by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.


NOTE: If you have downloaded ComboFix previously please delete that
version and download it again!

Download ComboFix from
Here
or
Here
to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just
before Windows starts to load. If done right a Windows Advanced Options menu
will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a
HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's
running. That may cause it to stall

Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
* Once the setup is complete you will need to run AVG and update the definition
files.
* On the main screen select the icon "Update" then select the "Update now"
link.
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the
screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select
"Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Anti-spyware, Do NOT run a scan yet. We will do that
later in safe mode.


* Click here to download ATF Cleaner by Atribune and save it to your
desktop.

http://majorgeeks.com/ATF_Cleaner_d4949.html
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
    o If you use Firefox:
        + Click Firefox at the top and choose: Select All
        + Click the Empty Selected button.
        + NOTE: If you would like to keep your saved passwords,
          please click No at the prompt.
    o If you use Opera:
        + Click Opera at the top and choose: Select All
        + Click the Empty Selected button.
        + NOTE: If you would like to keep your saved passwords,
          please click No at the prompt.
* Click Exit on the Main menu to close the program.
* Click here for info on how to boot to safe mode if you don't already know
how.
http://support.microsoft.com/kb/315222
* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in
safe mode:

Once in Safe Mode, open the SmitfraudFix folder again and
double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter"
to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the
registry?"; answer "Yes" by typing Y and press "Enter" in order to
remove the Desktop background and clean registry keys associated with the
infection.

The tool will now check if wininet.dll is infected. You may be
prompted to replace the infected file (if found); answer "Yes" by typing
Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process;
please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at
C:\rapport.txt

Warning: running option #2 on a non infected computer
will remove your Desktop background.

Run AVG Anti-Spyware!

# IMPORTANT: Do not open any other windows or programs wh...

https://forums.techguy.org/threads/infected-by-zlob-trojan-and-trojan-dowloader-contravirus-and-sercurity-toolbar-7-2.653001/
Relevancy 41.28%

Hello, I would be very thankful if you could help me clean up my laptop. Since days I have been experiencing problems every time I log in into websites, especially facebook's. I get a sign that says that Internet Explorer has blocked that website, and when I want to log in into facebook I encounter a sign that says that the website's certificate has expired and whether I would like to proceed. I have run the anti-malware software times but without success.

This is the first report I got using the quick function during normal mode.

PLEASE DONT SPENT ATTENTION TO THE DATE I DIDNT REALIZED THAT IT WAS SET UP TO A DIFF DATE

Then I did a full scan on a safe mode and got the following.

Few hours ago I got the same problem with the internet so I did a quick scan on normal mode but still got sth nasty in my laptop.

A:Infected with PUB.BundleInstaller, Trojan.Dropper.PE4, Rootkit.0Access, and Trojan Backdor

I would like to add that this problem came around the same time that I started using the free quebles offered by hotmail.

http://www.bleepingcomputer.com/forums/t/460482/infected-with-pubbundleinstaller-trojandropperpe4-rootkit0access-and-trojan-backdor/
Relevancy 41.28%

Hello, I've read most of the manuals here and tried my best to scan and recover my PC. Problem is, since I got infected by those trojans I cannot use my antivirus/antispyware programs. They are instantly closed as I open them, so I can't use AVG, Hijackthis and others. I'm not able to open websites that are connected to antivirus programs (with some exceptions, though I can't download and install them on my PC), even on safe mode.

I managed to scan the PC online using Panda Active scan and Bit Defender. Those have found hundreds of trojans and spywares on my computer. I have also used Search & Destroy with lil effect, and AdAware, but they weren't as effective as Panda and Bit Defender, although they have deleted quite a few. I still can't access AVG, Hijackthis and certain websites, including some of the forums here like HijackThis log Analysis (typical AVkiller C work). I'm writing this post from another computer since I cannot enter the forum from mine.

Please advise me on how to clean my computer and get rid once and for all of those pests. I've added some examples of the viruses found during the scan; some could not be deleted.

Panda's Active scan found:

Virus Trj Downloader MOW  Disinfected  C WINDOWS system bxjoqoiabbjn dll

Bit Defender has discovered but could not clean:

C WINDOWS system vpxyofsugazx dll  Suspected of BehavesLike Trojan WinlogonHook
C WINDOWS system vpxyofsugazx dll  Disinfection failed
C WINDOWS system vpxyofsugazx dll  Delete failed
C WINDOWS system urlnxqkxrfww dll  Suspected of BehavesLike Trojan WinlogonHook
C WINDOWS system urlnxqkxrfww dll  Disinfection failed
C WINDOWS system urlnxqkxrfww dll  Delete failed
C WINDOWS system hjthis dll  Infected with Trojan AVKiller Agent C
C WINDOWS system hjthis dll  Disinfection failed
C WINDOWS system hjthis dll  Delete failed
C WINDOWS system ipmnipmqsxye dll  Infected with Trojan Downloader Delf AMB
C WINDOWS system ipmnipmqsxye dll  Disinfection failed
C WINDOWS system ipmnipmqsxye dll  Delete failed

There were literally hundreds more, but they were deleted by the scanning program. Those above are still causing trouble. I'd appreciate your suggestions and help.

thanks
Dan

A:Infected By Trojan-downloader.win32.delf.pa (trojan.stwoyle), Avkiller.c And More

i was directed to this forum by fozzie:

"You have a nasty infection on hand: Trojan-Downloader.Win32.Delf.pa (Trojan.Stwoyle). You will not be able to run HiJackThis unless a special tool will be utilised. Please post the panda report in the HiJackThis forum here and they will help you. This is a sophisticated tool which needs expertise."

what is this tool he is speaking of, and how can i utilise it?
thank u for ur time.

http://www.bleepingcomputer.com/forums/t/87003/infected-by-trojan-downloaderwin32delfpa-trojanstwoyle-avkillerc-and-more/
Relevancy 41.28%

Malwarebytes detected the Happili trojan today and asked that I reboot. I did, but am still getting redirected in Google searches. I also scanned with AVG and it detected "Trojan Horse Generic 28.AFXS". There may be some other trojans also, as this is the th trojan issue I have had with this computer since Nov. I paid a pc service firm to fix the issues back in November. I then got another infection in January and April that I believed I fixed on my own. I can post some of those trojan names if needed by going back to the old logs.

I attempted to fix this issue on my own today by running TDSS Killer and Trojan Remover from simply super software. This product was installed when I paid to have it fixed in November, but I am still getting redirects. These issues just began about days ago. I also noticed the PC repair firm I fixed the first issue used the Combo-fix program, as there is still a Qoobox folder in the c drive's root directory. However, they must have uninstalled the combo fix program itself. I will also need to know how to remove the Qoobox folder.

My log and attachment are as follows: ... Read more

A:Infected with Happili trojan / Google Redirect & Generic 28.AFXS Trojan

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1 Link 2 Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
In your next post I need the following:
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/457756/infected-with-happili-trojan-google-redirect-generic-28afxs-trojan/
Relevancy 41.28%

Hey folks, and thanks in advance for all of your hard work. You guys have helped so many people, those asking and those who just lurk. Either way, great job, and you all deserve a pat on the back and then some.

So it seems as though other people have recently been having problems with Trojan.0acess as well. I found it with MBAM and, like the others, it removes Rootkit.Zacess and Trojan.Dropper.BCMiner; however, Trojan.0acess appears again after reboot. As of now I have disabled internet connection to my infected desktop. The DDS and GMER were run after running a C Windows specific scan with mbam and no connection to the internet; the MBAM log below is of the first full scan while being connected to the internet.

I started noticing web redirects and firefox being unable to connect to certain pages (this could be something else) about three days ago and ran a quick scan with MBAM, which came up with nothing; the Full scan came up with the three above. I run no antivirus software and I don't use windows firewall. UAC is also disabled. Further, attempting to turn on Windows Firewall yields "Windows Firewall can't change some of your settings. Error code x"

DDS: ... Read more

A:Infected with Trojan.0acess, Rootkit.Zacess, Trojan.Dropper.BCMiner

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1 Link 2 Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
In your next post I need the following:
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/463644/infected-with-trojan0acess-rootkitzacess-trojandropperbcminer/
Relevancy 41.28%

Hi, I was working on my pc last night. I left the room and when I came back my desktop wallpaper was gone and replaced by a screen stating the following: WARNING - Your're in Danger etc etc. I couldn't open any programmes, I just kept getting pop-ups asking me to buy a product to get rid of spyware - it was called system tool? I restarted pc in safe mode and ran Malwarebytes anti-malware. It eventually (after pc crashing a couple of times) found and removed "Trojan.Fake Alert" and "Trojan.zbotR.Gen". I can now use the pc but am worried that it may still be infected. I have tried to scan it with AVG but pc keeps shutting down before scan is completed. I'd be grateful for any advice, Thanks

A:MBAM Removed Trojan.Fake Alert and Trojan.zbotR.gen Is my PC Still Infected?

My hubby had this problem. It took me ages to sort it out.
Nothing stays open long enough, if it will open, to sort it out. I had to open XP in safe mode by continuously pressing F8 on start up. I followed instructions on how to use RKill found on this site. RKill stopped the virus from preventing internet etc from being opened.
I then downloaded Spyware Doctor anti-malware which I thought had sorted the problem out.
Don't reboot after using RKill or the virus might return, use Malwarebytes to clean it up first, I did this after I had run RKill in safe mode and also had to use RKill again followed by Malwarebytes in usual windows XP when the virus returned after computer had been turned off completely and restarted. The system is now clean and virus has not returned.
Also, something called BADARemote seems to carry viruses, when I cleaned out the virus, the BADARemote icon was in my start up menu where the icon for the bogus security centre had been. I googled BADARemote and found others had had problems with it too, thinking it was supposed to be on the system. It is easily got rid of, I found instructions in google, will try to find a link for you if you have the same problem as we did.
Best wishes.
K

P.S. trouble started with hubby clicking on a web link, so make sure you have your security settings enabled to warn you of potential danger in real time from such links.

http://www.bleepingcomputer.com/forums/t/381894/mbam-removed-trojanfake-alert-and-trojanzbotrgen-is-my-pc-still-infected/
Relevancy 41.28%

Came across a laptop at work today that had Windows Update, Windows Firewall, Windows Defender and Microsoft Security Essentials all disabled (one of those even reporting that it was by GPO).
 
Scanned the system with Malwarebytes and found the following viruses:
 
Trojan.Ransom.Gend
Trojan.Dofoil
Backdoor.Bot.ED
 
Scan that caught these was a quick scan.  Rebooted into safe mode and ran a full scan and it came up clean.
 
What scan should I do next?

A:Infected laptop Backdoor.bot.ED, Trojan.Ransom.Gend and Trojan.Dofoil

Hello,
"Scanned the system with Malwarebytes and found the following viruses:"
Can you please post up the log file of this scan that documents these findings?
And in addition, please run a FRST scan:
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

http://www.bleepingcomputer.com/forums/t/522019/infected-laptop-backdoorboted-trojanransomgend-and-trojandofoil/
Relevancy 41.28%

Hi there, I have been having issues with my computer starting about a month ago. I use Norton Internet Security, and about a month ago Norton began showing repeated messages that it was blocking attacks by the virus Trojans listed above. I do not, however, believe that it was actually doing so. Soon after these messages began, my computer started becoming increasingly slow. Since then I have used the infected computer very minimally (ex. to retrieve a file document I only have saved on that computer, etc.), as I have a second one that is fine, but I would like to try and solve these issues. I have done a little research and it seems other people are also having this issue. Likewise, I have also noticed multiple dllhost processes and other unfamiliar processes showing up.

I apologize in advance, as I am not particularly computer savvy. I have reviewed the Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help; however, I have had some issue with steps and and I am unsure of how to proceed.

First, regarding step my computer does not give me the option to enable the Windows firewall, as it shows that Norton Internet Security has control over those settings. Is this ok, or do I need to disable NIS and enable the Windows firewall before proceeding?

Second, regarding step I did go ahead and try to download the DDS tool from the link in the Prep Guide post; however, after clicking on Download Now I receive a pop up message box titled Security Alert that says "Your current security settings do not allow this file to be downloaded". Do you know how I can go about altering my security settings so that I can download the DDS tool?

The infected computer is painfully slow at the moment. From the time I turn the computer on it may take me about minutes to simply open the Preparation Guide webpage, click the link for the DDS tool download page, and wait for that page to fully load.

Thanks in advance for your help
-MC

A:Infected with Trojan.Powerliks, Trojan.AdClicker, Angler Exploit Kit Website 15

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Re-enable downloads in Internet Explorer
Press the Windows key + R on your keyboard at the same time. Type inetcpl.cpl and click OK.
Click the Security tab and then on
Step 2
Please download Powelikscleaner (by ESET) and save it to your Desktop.
Double-click the to start the tool.
Read the terms of the End-user license agreement and click Agree if you agree to them.
The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
The tool will produce a log in the same directory the tool was run from.
Please copy and paste the log in your next reply.
Step 3
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.
Step 4
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:
process;
services-list;
systemspecs;
startupall;
filesrcm;
Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

http://www.bleepingcomputer.com/forums/t/556995/infected-with-trojanpowerliks-trojanadclicker-angler-exploit-kit-website-15/
Relevancy 41.28%

I've spent the last week or so trying to get all these (Trojan.Vundo, Trojan.Nebular, Adware.Purityscan, Infostealer.Ldpinch, Downloader) off my computer. I should tell you that I know next to nothing when it comes to computers and I'm terrible in a crisis situation, but honestly I think I've tried just about everything from the Symantec website. So today I decided to try it here at BleepingComputer.com.

So I followed everything in the Preparation Guide for the site. Rebooted, and Symantec Auto-protect popped up to warn about Trojan.Vundo, Trojan.Nebular and Downloader. I ran VundoFix.exe. Deleted all that was to be deleted. Restarted. Ran VundoFix.exe until it said it was clean. Then the Auto-Protect pops up to say that it detected Downloader. I turned off my Wireless Internet Connection. By the way, the Firewall baffles me. I don't know what to say no to and what to say yes to. Ran Spybot, Ad-Aware and deleted everything they found. Ran Stinger until it was clean, twice. Turned back on my Wireless Connection to log on to this website. Opened Firefox, MSN and Yahoo messenger opens. See, I'm about sure that it's IE that's the catalyst. If I just stick to Firefox everything is fine for a good while, and the Auto-Protect starts popping up to warn about Downloader every five seconds, far more than it has been doing for the past week, but it's just that one and not the 'trojans'. I restarted the comp again, everything calm now, did the HijackThis and here I am.

If I missed out on anything I'm sorry, but that just about covers most of my afternoon. I would really appreciate some help, and thank you so much in advance. All these warnings constantly popping up frightens me.

So here is my HijackThis file: ... Read more

A:Infected With: Trojan.vundo, Trojan.nebular, Adware.purityscan, Infostealer.ldpinch, Downloader

Welcome to the BleepingComputer HijackThis Logs and Analysis forum AngelSpirit.
My name is Richie and i'll be helping you to fix your problems.

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/102365/infected-with-trojanvundo-trojannebular-adwarepurityscan-infostealerldpinch-downloader/
Relevancy 40.85%

i was recently infected with a backdoor trojan which norton anti virus quarantined Infected If Recently To Please Infected , Backdoor.trojan See Still Needed With Help A and i subsequently deleted it in norton anti virus but i do not know if my system is clean or if it still infected i would be very grateful if someone could take a look at my log below thankyou Logfile of Trend Micro HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC Recently Infected With A Backdoor.trojan , Help Needed Please To See If Still Infected WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS System svchost exeC Program Files Common Files Symantec Shared ccSetMgr exeC Program Files Common Files Symantec Shared ccEvtMgr exeC Program Files Common Files Symantec Shared ccProxy exeC Program Files Common Files Symantec Shared SNDSrvc exeC Program Files Common Files Symantec Shared SPBBC SPBBCSvc exeC Program Files Common Files Symantec Shared CCPD-LC symlcsvc exeC WINDOWS system spoolsv exeC PROGRA COMMON AOL ACS AOLacsd exeC Program Files Symantec LiveUpdate ALUSchedulerSvc exec APPS Powercinema Kernel TV CLCapSvc exeC Program Files CyberLink Shared Files CLML NTService CLMLServer exeC Program Files CyberLink Shared Files CLML NTService CLMLService exeC Program Files Norton GoBack GBPoll exec APPS HIDSERVICE HIDSERVICE exeC Program Files Norton Internet Security Norton AntiVirus navapsvc exeC WINDOWS system nvsvc exeC WINDOWS system svchost exeC Program Files Common Files Ulead Systems DVD ULCDRSvr exec APPS Powercinema Kernel TV CLSched exeC WINDOWS Explorer EXEC WINDOWS sm hlpr exeC WINDOWS system RUNDLL EXEC Program Files Java jre bin jusched exeC WINDOWS RTHDCPL EXEC Program Files Common Files Ulead Systems AutoDetector monitor exeC Apps Powercinema PCMService exeC Program Files BroadJump Client Foundation CFD exeC PROGRA ntl 

A: Recently Infected With A Backdoor.trojan, Help Needed Please To See If Still Infected

Hello monkeyface,

Sorry for the delay. We have many logs backed up. I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
* Download the latest version of Java Runtime Environment (JRE) 6u2.
* Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
* Click the "Download" button to the right.
* Check the box that says: "Accept License Agreement". The page will refresh.
* Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.

Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6

* Check any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

**********************

You will need to use Internet Explorer for this scan. Disable your Norton Antivirus program and go here to run BitDefender Online Scan.

* Click on I Agree. Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.
* When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.

* When BitDefender completes the scan, select the "Detected Problems" tab.
* Click on "Click here to export scan".
* Save the file as an HTML to your Desktop.
* Then click on the saved file and allow it to open with your browser.
* Go to Edit - Select All then copy/paste that log back here.
* Post the BitDefender log.

When done, submit the BitDefender log, and a fresh Hijackthis log.

http://www.bleepingcomputer.com/forums/t/100388/recently-infected-with-a-backdoortrojan-help-needed-please-to-see-if-still-infected/
Relevancy 40.85%

All -

Thanks in advance for your help. Some background: Last Wednesday I hit a website from a Google search and got a suspicious message to launch an anti-virus program that I didn't recognize. I tried to run an anti-virus program I own (I think it was Webroot Spysweeper), but it froze after of hour and everything on the system slowed to a crawl. Guessing that I was seriously infected, I immediately used restart to shut down the computer and reboot to my D partition, that has a different installation of Windows, so that I could take a look and run some anti-virus and anti-malware programs. I had to shut down processes because the system was not allowing me to shut down Spysweeper. I ran AdAware and MalwareBytes, which produced the logs farther below, shown after the requested DDS logs. Since two of the messages indicating removal of an infection mention Spysweeper, I wonder if it didn't infect that program while it was running.

Since I've been through something a bit like this in and worked with Bleeping Computer to resolve it, I did as instructed in the Preparation Guide but also ran several existing apps like:

Anti-virus -
Avast
Malware Bytes
Spysweeper
AdAware
SuperAntiSpyware

Misc -
ADS Spy v
TDSSKiller
RKILL
GMER
HijackThis

IMPORTANT - I THINK WHAT MIGHT BE CAUSING MY SYSTEM SLOWNESS NOW, WINDOWS PAINTING IN A JAGGED FASHION AS I MOVE THEM AND SCREENS REDRAWING VERY SLOWLY AS I PAGE DOWN IN APPS AND BROWSERS, IS THE FACT THAT TDSSKILLER DELETED ONE OF MY NVIDIA DRIVERS AND AS A RESULT I GET THE GENERIC DRIVER WHEN I REBOOT. EVEN WHEN I TRIED TO COPY THE SYS FILE BACK, IT WOULDN'T LOAD. HERE'S THE END OF THE LOG FROM TDSSKILLER:

Detected object count nv a d a c aecdd d b d f a C WINDOWS system DRIVERS nv mini sys Suspicious file Forged C WINDOWS system DRIVERS nv mini sys Real md a d a c aecdd d b d f a Fake md d f d c e bb ed e e C WINDOWS system DRIVERS nv mini sys - copied to quarantine Forged file nv - User select action Quarantine

Here is the DDS log, and attached is the Attach file, zipped. See below this for several other log files from the other programs.

A: Am I still infected with Trojan-Downloader.Win32.Lukicsel.A or another trojan, or is system slowness due to loss of video card...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

* Please download OTL from one of the following mirrors:
  This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
hlp.dat
/md5stop

* Push the button.
* Two reports will open, copy and paste them in a reply here:
  OTL.txt <-- Will be opened
  Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/387528/am-i-still-infected-with-trojan-downloaderwin32lukicsela-or-another-trojan-or-is-system-slowness-due-to-loss-of-video-card-driver/
Relevancy 40.85%

Hello,

My computer appears to have been infected by the Antivirus Pro virus a few weeks ago. Suddenly Mozilla was hijacked, redirected to another site (see below). Suddenly numerous fake antivirus screens suggesting I had a virus. At the time of infection I was using McAfee Total Protection Service as well as an older version of MBAM (not runtime version).

Steps I followed:

* Killed ave.exe process and manually deleted all instances in the file system, application data folder and registry.
* Created and ran fix.reg, which allowed me to download and execute other programs, which I was unable to do up to that point.
* Ran SDFIX.exe, which didn't report anything.
* At some point I then rebooted and the issue occurred again.
* Updated and ran MBAM and it showed Trojans in the log file, which I then quarantined.
* I then downloaded and ran Stopzilla, which then quarantined and deleted ave.exe.
* I ran MBAM after that and it came back completely clean.
* Also, since Yahoo wasn't showing up correctly in the browser, I reinstalled the Java runtime environment, assuming it got screwed up somehow.
* At that point I turned off my PC for the night.
* Upon reboot later the next day, Stopzilla showed AVE.exe was there again.

I continue to have browser hijacks and sometimes my laptop hangs if the hijack occurs when I am out of the office. If I close the hijack right away there are no outward signs of issues. Every so often McAfee will report it has deleted certain viruses as below. But none of the tools seems to be able to resolve the issue permanently.

Here are links from the two of the browser hijacks:
hxxp v nks cc XAa une q MSeS b b a da cbf x
hxxp a cn XvQ ifX j QSXO ee d d a c a f fcc k

Some of the files that have been deleted by McAfee in the last few days:
ILEE EXE Generic Fake Alert gzAVE EXEFakeAlert WinWeb Security CFakeAlert Xpspy Av exeArtemis BFF D B

I have attached the GMER and MBAM logs. I would have attached the DDR logs as well, but even after multiple attempts I couldn't get that program to finish this, despite my best efforts at removing script and popup blocking in advance.

Thanks in advance for your assistance,
Matt

Edit: Link disabled to preclude possible infection - tg
Removed log as not allowed in this forum - OB

A: Infected with Antivirus Pro 2010: Trojan.FakeAlert.Gen, Trojan.Fraudpack

hi mshadle,

You could try this exactly as it is stated, but it might not do any long term good since you might have additional problems.

This part of Bleeping Computer usually doesn't look at logs, but based on what you posted, it looks like you might have a rootkit. I recommend you follow this guide which will allow you to get help from the malware experts that can assist you in these types of advanced repairs.

Good luck and let me know if you have any questions.

http://www.bleepingcomputer.com/forums/t/312400/infected-with-antivirus-pro-2010-trojanfakealertgen-trojanfraudpack/
Relevancy 40.85%

Hi,

About two weeks ago Norton Antivirus caught a number of viruses on my computer: winfixer, trojan virtumonde, downloader. I had someone take a look at my computer and the three viruses were removed. He used VundoFix and VirtumundoBegone to get rid of winfixer. However, a couple of days later winfixer popped up again along with trojan adclicker and trojan dropper. While Norton claims to have deleted trojan adclicker and trojan dropper successfully, but winfixer only partially. Still, every time I go on the internet I'm hindered by pop-ups the first time.

I just completed running through 'Preparation Guide for Use Before Posting a Hijackthis Log' and I also checked the log to see if I could identify the and corresponding entries that should represent the winfixer virtumonde virus, but though some claim to have 'files missing' there seem to be no pairs.

Attached is my hijackthis log. I hope you can help, thanks.

A: Infected With Winfixer/virtumonde, Trojan.dropper, Trojan.adclicker

Welcome to the BleepingComputer HijackThis Logs and Analysis forum duckie15

My name is Richie and I'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006, read this article: http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your pc:

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop

* Close any open browsers.
* Double click on combofix.exe and follow the prompts.
* When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Download SmitfraudFix (by S!Ri), to your desktop.

* Double click on Smitfraudfix.cmd
* Select option 1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
* Please copy and paste the content of that report into your next reply.

*IMPORTANT* Do NOT run any other options until you are asked to do so!

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/105212/infected-with-winfixervirtumonde-trojandropper-trojanadclicker/
Relevancy 40.85%

MY ORIGINAL POST IS IN THE WRONG SECTION > I APOLOGIZE

My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes. I have been infected with multiple trojans and malware including:

Trojan TDSS
Trojan Vundo H
Trojan Virtumonde
Trojan Vundo
Generic artemis
Trojan FakeAlert
Trojan Seneka
Malware Trace
Trojan Agent
Spyware OnlineGames
and most recently generic artemis

I have used multiple scanner programs (Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus and Lavasoft Adware) AND I uninstalled Symantec Norton Anti-virus Corporate and installed AVG and ran it in safemode, and it had a ton of virus that it detected. I then removed AVG after it was done and reinstalled Symantec Norton Corporate Anti-virus. I also used Vundofix to rid myself of the Vundo. I think I have finally gotten rid of vundo (I pray I did, really NASTY virus) and most of the other virii, but I just recently, for safety sake, scanned my pc using McAfee Stinger and I have the generic artemis virus.

I have no idea the damage that has been done to my pc, but it is running terrible and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan as it hangs up. When I was infected with the Vundo Virus it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it and they had me run FixVundo.exe, VundoFix.exe and WinsockXPfix v exe.

I have downloaded hijack this and copy pasted the logs for anyone to PLEASE help me with. I have the log of for anyone to help me a rid myself of all infections. Repair the damage all the virus have caused.

Any help would be greatly appreciated

A: Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

Actually it is in the correct forum for HJT logs.

I will close this thread and leave the other one intact.

http://www.bleepingcomputer.com/forums/t/198274/infected-with-trojanvirtumonde-trojanvundo-and-genericartemis/
Relevancy 40.85%

I get the following Messages from AVG's Resident Shield:

Threat detected! Trojan horse SHeur2.BXNY detected on open <-- this happens on different files
Threat detected! Trojan horse Generic 15.CIFI detected on open <-- this has only happened on one file so far, luckily.

I do the AVG computer scan, it detects the trojans and says it heals all infections, but then it starts coming back again. I've also tried using Spybot and have the same thing happen there too.

What seems to be happening is that it keeps creating files. It creates them like this: C Windows temp tmp svchost exe ( tends to be random letters)

I've gone in and deleted everything in my temp folder, done the scans and been told the computer is clean, and then about five minutes later I get a message saying it's started spawning them again. I've been trying to stay on top of emptying out my temp folder while it's doing this though, because in the course of minutes it'll spawn like of these files.

A: Infected with Trojan SHeur2.BXNY and Trojan Generic 15.CIFI

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system, so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
- The DDS logs --- DDS.txt and Attach logs
- RootRepeal logs
- Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

http://www.bleepingcomputer.com/forums/t/277632/infected-with-trojan-sheur2bxny-and-trojan-generic-15cifi/
Relevancy 40.85%

I would greatly appreciate any help I can get with this. Norton has informed me my computer is infected with Trojan.Zeroaccess!inf4, Trojan.Gen, Packed.Generic.382 and also Trojan Webkit html. I realized the seriousness of it when any browser I was using would freeze when I'd attempt to login to online banking. Thankfully my bank noticed something was happening too and shut down the online banking before any damage was done. No more online banking till this gets fixed.
A: Infected with Trojan.Zeroaccess!inf4, Trojan.Gen, Packed.Generic.382 + 1 more

Hello ddr12

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

* Please do not run any tools unless instructed to do so.
  We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
  Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
  Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
  A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

* Download Security Check by screen317 from here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

* Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on AdwCleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the content of that logfile with your next answer.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

* Download & SAVE to your Desktop RogueKiller or from here
* Quit all programs that you may have started.
* Please disconnect any USB or external drives from the computer before you run this scan!
* For Vista or Windows 7, right-click and select "Run as Administrator to start"
* For Windows XP, double-click to start.
* Wait until Prescan has finished ...
* Then Click on "Scan" button
* Wait until the Status box shows "Scan Finished"
* Click on "delete"
* Wait until the Status box shows "Deleting Finished"
* Click on "Report" and copy/paste the content of the Notepad into your next reply.
* The log should be found in RKreport[1].txt on your Desktop
* Exit/Close RogueKiller

Gringo

http://www.bleepingcomputer.com/forums/t/485918/infected-with-trojanzeroaccessinf4-trojangen-packedgeneric382-1-more/
Relevancy 40.85%

I realized something was going on with my mom's computer when there were vocal ads playing and no windows were open. Going into Task Manager, I saw Google Chrome was running. If I ended that task, the sound would stop, a new Google Chrome window would open and then disappear, and the ads would start again. TDSS Killer found that both DcomLaunch and RpcSs are infected with Trojan.Win32.Patched.pj, and Malwarebytes found Trojan.Zekos.PatchedXP3 and some Rogue Multiple. Also, anytime I would try to reboot the computer, I get a pop up message as soon as it boots saying "Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly" and then gives me seconds before it shuts down and restarts. I have found that I can quickly open Command Prompt and use shutdown a to cancel the reboot and continue using the computer that way.

Here is the loop I am stuck in:
Boot computer
Get shut down message
Cancel with Command Prompt
Run TDSS Killer, finds things, tell it to cure
Reboots
No shut down message this time
Rerun TDSS Killer, clean
Run Malwarebytes, finds Zekos, tell it to quarantine
Reboots
Get the shut down message again
Cancel with Command Prompt
Rerun TDSS Killer, finds the same things again

And here is where my never ending cycle comes in. I just can't get rid of these nasty guys.

Here is my preliminary DDS report: ... Read more

A:Infected with Trojan.Win32.Patched.pj and Trojan.Zekos.PatchedXP3

Greetings and to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Let's get going now
==========================
 
Hi jumpman17,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
When the tool opens, click Yes to disclaimer.
Press the Scan button.
When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
We need to search for a file with FRST:
Double-click on FRST.exe/FRST64.exe on your desktop to open it, in the search box, type the following: rpcss.dll
Press the Search Files button, allow FRST to run
A log file Search.txt will appear when complete, please post this in your next reply
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:
FRST.txt
Addition.txt
Search.txt
xXToffeeXx~

http://www.bleepingcomputer.com/forums/t/542146/infected-with-trojanwin32patchedpj-and-trojanzekospatchedxp3/
Relevancy 40.85%

Hi guys, I ran a rogue executable sent to me by a friend and knew immediately that something was awry.

SYMPTOMS
- Computer bogged down immediately and I saw I was infected with the Nmehaa.exe process, which I ended
- Received repeated warnings that Spoolsv.exe was trying to access secure files; selected no
- Received repeated warning that internet explorer wasn't executing script properly and prompted to continue running script. I don't use IE, just firefox. I selected no repeatedly, then accidentally hit yes, which resulted in my google links being hijacked and sending me to shopping pages within firefox
- could not run malwarebytes anti-malware OR Superantispyware free
- my wireless zero configuration continually turns itself off, meaning wireless network access is nearly impossible
- PC doesn't recognize a plugged in ethernet cable
- my taskbar at bottom has messed up colors (I run a black theme and the taskbar is now black with gray sections)

ACTIONS
- disabled wireless network card
- ran AVG anti-virus in standard mode, which gave a false negative and didn't remove any infection
- attempted system restore several times to no effect
- found and followed the preparation guide here on bleepingcomputer.com (DDS and GMER files are attached)
- After following guide I took one more stab at a solution. I downloaded the latest versions of superantispyware and malwarebytes and their latest definitions, transferred them to the PC via USB and ran them in safe mode after turning off system restore

THE RESULTS
SuperAntiSpyware found the following:
- Malware Trace
- Trojan Agent
- Trojan Agent Gen
- Trojan Agent Gen-Fraudera
- Trojan Agent Gen-Kryptek
- Trojan Agent Gen-TDSS Rel
After SuperAntiSpyware, Malwarebytes found the following:
- Trojan Agent
- Trojan downloader
- Trojan downloader (second instance)

PROBLEMS STILL THERE
I rebooted in standard mode and it appears that most of the problems are gone but I'm still having some issues:
- still cannot run malwarebytes or superantispyware without changing their names
- wireless zero configuration is still an issue, with me having to manually restart it in services, but connectivity still isn't available
- still have issues with my taskbar colorscheme. I can reinstall easily but I worry it's a sign of a bigger problem

Would really appreciate any help you can give to getting my system running like a champ.

Ryan

PS - One question: do I need to worry about my USB peripherals being infected, i.e. my gig usb drive, which I used to transfer anti-malware files, or my larger gig storage, which I didn't access and yanked as soon as I saw a problem?

I realized that I didn't follow the preparation guide properly. My DDS log output is pasted below. This was run before I did the superantispyware and malwarebytes scans, so I can rerun it if asked.

As an amendment to the above, the spoolsv.exe prompt is now BACK. It reappeared after I rebooted my computer with the wifi card turned on. ack

------ ... Read more

A:Infected with Malware.Trace, Trojan.Agent, Trojan.Downloader

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OTL from this link.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in:

netsvcs
msconfig
drivers32 /all
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.sys /90
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
CREATERESTOREPOINT

Click the Quick Scan button.
The scan should take a few minutes.
Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

In your reply, please post both OTL logs and the GMER log.

http://www.bleepingcomputer.com/forums/t/355088/infected-with-malwaretrace-trojanagent-trojandownloader/
Relevancy 40.85%

Hello everyone

MY COMPUTER:
Windows SP fully updated
HP Pavilion a n
AMD athlon
addons: ATi Radeon x Pro, Creative Soundblaster SB X-Fi

MY PROBLEM:
I have been infected with Trojan.Vundo, Adware.Ezula and Trojan.Metajuan sometime in the last two weeks. I am not sure how this happened and there are other people here in my house who use this computer, so I don't know the exact date of infection. For starters, here is an overview of the symptoms: whenever I open up IE, an additional unwanted window appears with whatever advertising garbage; sometimes when I haven't opened a new window an unwanted popup will appear, and other times when I am working in an IE window something deselects it and tries to popup a new unwanted window (for instance, I will be writing something online and my keystrokes will stop appearing on the screen because something selects another window). I am only relating all of this because of the chance that I have some other trojan etc. than what I stated above. Another thing to note is that my system processes have risen from before the infection to after. Also, my startup manager utility list in my TuneUp Utilities has doubled for some reason; I'm not sure why.

WHAT I HAVE TRIED:
I have turned off my System Restore. I have both Norton Internet Security and Norton AntiBot. I have scanned multiple times with NIS using the updated definitions. The strange thing is that Norton is detecting and blocking these infections but not eradicating them or even giving the option of doing something about them (quarantine, delete, etc.), except for two days ago I was able to remove the files through Norton, but they sprang back up about three hours later. I also went to symantec's website to get a separate Trojan.Vundo and Adware.Ezula fix they have available for download, but it says that I am not infected with them when I run the program. After finding this forum and joining, I performed all of the steps outlined here: http www bleepingcomputer com forums t preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help I followed these instructions fully and now I am at the last step, which is posting my log. For anybody who takes the time to help, let me thank you in advance.

Here is my HJT log: ... Read more

A:Infected With Trojan.vundo, Adware.ezula And Trojan.metajuan

Hi,

Start first with this free tool:
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt
.................

Next, run also this free tool and post the log it makes as well please.
Download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

http://www.bleepingcomputer.com/forums/t/117514/infected-with-trojanvundo-adwareezula-and-trojanmetajuan/
Relevancy 40.85%

Thanks in advance for any assistance you may be able to provide.

I am running XP MCE SP and I've recently upgraded to Zone Alarm Extreme Security. Updates to both have been well maintained for years. When I upgraded ZAExtreme I allowed it to operate in learn mode. I then, after forgetting this fact, fired up my machine at a local StarBucks and did some work. Shortly thereafter I started to get the following error message: "The True Vector Internet Monitor has shut down. Do you wish to restart it?" Restarting the True Vector service simply results in the same message popping up a few moments later. The ZA UI reports that firewall and AV are disabled.

I followed the instructions on the following ZA forum thread: http forums zonealarm com showthread php t
- Safemode ZA deep scan found nothing
- MBAM found nothing
- SuperAntispyware found some tracking cookies and ten Malware Installer-Pkg Gen entries in a WildTangent subdirectory with names like B A -DB - -AB D-BEEB E CD FA EXE. I think I deleted all of these
- I did not run A Free
- Dr Web LiveCD scan detected the PWSBANKER.origin PSW (I may have transcribed incorrectly) and the downloader. It reported these as incurable so I told it to delete them - which it did. I have since rebooted and re-run the Dr Web scan and it now finds nothing.

I ran chkdsk this morning, although I didn't reboot into safe mode to run it. It generated six messages as follows: Deleting index entry from of file

I am now working through the process laid out at the BC thread Preparation Guide located at http www bleepingcomputer com forums t preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help

My machine is no longer able to access the internet at all, although I can ping my local firewall router. I'm not too anxious to have the machine connected under these conditions anyway. I have run the DDS and RootRepeal utilities with results below. The cygwin rsync service that gets started was put there by me, non critical, and can be disabled for debugging purposes if it needs to be.

Again - any available assistance will be greatly appreciated. Simply reviewing the information at this site has already been a great help.

... Read more

A:Infected Trojan PWSBANKER.origin, Trojan download.38959

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/261525/infected-trojan-pwsbankerorigin-trojan-download38959/
Relevancy 40.85%

Hi, my name is Mike and I recently scanned my computer with mbam and found Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted, and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam, informing me of an infection.

I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday, so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer, and I have taken this into consideration.

I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when in regular mode it does. I have used TDSSKILLER, ccleaner, mbam; so far nothing. Mbam seems to find some files created by something else, which on deletion and restart reappear.

At one point my buddy told me to download Microsoft Security Essentials. I did and ran a scan. The infection didn't like that and proceeded to bring up "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now." then kept restarting. I tried many ways to figure out what was happening but then just decided to uninstall Microsoft Essentials and it stopped.

I followed steps - in the guide, attached my logs, hope that helps. I have Windows Ultimate bit. Any help would be much appreciated. Thank you.

------Logs------ ... Read more

A: Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

* Download Security Check by screen317 from here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

* You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
* Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
* Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

* Log from Combofix
* Let me know of any problems you may have had
* How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/457894/infected-w-trojansmall-trojansirefef-rootkit0access/

I have had my anti-virus Avast continuously pop up saying I have a trojan. I delete it and then run XoftSpy SE; it also detects vundo and winfixer and downloader-new Juan/VM. I have also run SUPERAntiSpyware. It also tries to remove it, all to find out it is still on there. I have also run Stinger; it found nothing. I am running Windows XP. Also, when I do this, there are others who also have different user names on it; do I need to access each user and repeat the process for each user? Sorry, not sure of these things. I have also experienced continuous popups wanting me to download spyware antiviruses, and to try and get rid of these are a real pain because they just keep popping up.

Logfile of Trend Micro HijackThis ...

A: Infected With Trojan Winfixer,trojan Downloader-new Juan/vm, And Vundo

Hi,

* Download ComboFix from here. **Save it to your desktop**

In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated every day.

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

* Double-click combofix.exe
* Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

http://www.bleepingcomputer.com/forums/t/115034/infected-with-trojan-winfixertrojan-downloader-new-juanvm-and-vundo/

Logfile of Trend Micro HijackThis ...

A: Infected With Trojan Program Trojan-downloader.win32.tiny.id

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Conan Edogawa. My name is Richie and I'll be helping you to fix your problems.

*NOTE* If you have previously downloaded ComboFix, please delete that version and download it again from below.

Download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop.

* Close any open browsers.
* Double click on Combofix.exe and follow the prompts.
* When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat

Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

http://www.bleepingcomputer.com/forums/t/109416/infected-with-trojan-program-trojan-downloaderwin32tinyid/

My pride has been in the way of asking for help in situations like this, but I think I am in way over my head, so here goes. I have been infected with multiple trojans and malware including:

Trojan.TDSS
Trojan.Vundo.H
Trojan.Virtumonde
Trojan.Vundo
Generic!artemis
Trojan.FakeAlert
Trojan.Seneka
Malware.Trace
Trojan.Agent
Spyware.OnlineGames
and most recently generic!artemis

I have used multiple scanner programs (Malwarebytes Malware, Windows Defender, Spyware Doctor, Norton Corporate Anti-virus and Lavasoft Adware) AND I uninstalled Symantec Norton Anti-virus Corporate and installed AVG and ran it in safe mode, and it had a ton of viruses that it detected. I then removed AVG after it was done and reinstalled Symantec Norton Corporate Anti-virus. I also used Vundofix to rid myself of the Vundo. I think I have finally gotten rid of vundo (I pray I did, really NASTY virus) and most of the other virii, but I just recently, for safety's sake, scanned my PC using McAfee Stinger and I have the generic!artemis virus.

I have no idea the damage that has been done to my PC, but it is running terrible and my anti-virus has crapped out a couple of times during a scheduled scan. Most of the time I cannot do a scheduled scan as it hangs up. When I was infected with the Vundo virus it screwed up my registry and did some really nasty damage to my winsock files. I had someone look at it and they had me run FixVundo exe, VundoFix exe and WinsockXPfix v exe.

I have downloaded HijackThis and copy-pasted the logs for anyone to PLEASE help me with. I have the log of for anyone to help me a rid myself of all infections Repair the damage all the virus have caused.

Any help would be greatly appreciated.

Here is the recent log of STINGER ...

A: Infected with trojan.Virtumonde trojan.Vundo and generic!artemis

I don't mean to bump, but am I in the correct section to be posting this?

http://www.bleepingcomputer.com/forums/t/198273/infected-with-trojanvirtumonde-trojanvundo-and-genericartemis/

I'm looking for help on my XP home edition. I have Symantec AntiVirus telling me I have Trojan.Fakeavalert. I have Windows Defender telling me I have Win32/Renos and Win32/Fakeinit.

My desktop background has a large black and red message stating "YOUR SYSTEM IS INFECTED! ............. " Internet Explorer is blocked on the machine. And I get many popups for fake virus removal.

What is the best course of action? I have many different solutions on the web but not sure which to go with.

A: Infected with Trojan.Fakeavalert, Trojan:Win32/Fakeinit and Renos

Moving to Am I Infected forum.

http://www.bleepingcomputer.com/forums/t/251210/infected-with-trojanfakeavalert-trojanwin32fakeinit-and-renos/

Hello,

My son has managed to get Trojans on his laptop (Windows XP Pro SP). I deleted temporary files, cleared cookies, turned off system restore and ran Norton, A-Squared free, SpyBot and Ad-aware SE Personal. Norton claims to have dealt with trojan.zlob and A-Squared found and cleared the trojan-dropper.

Is there anything else I need to worry about, please? If so, please can you help me to remove it? I have reached my level of understanding and am not technical enough to understand the Hijackthis log.

Many thanks,
Lin

The Hijackthis log follows ...

A: Infected With Trojan.zlob - Trojan-dropper.win32.agent.rvv

Hi elsiegee40

Please make sure you have system restore turned on again ... actually you should NOT have turned it off, you now have NO restore points to fall back upon. Despite what Norton & others may say, you should not turn restore off (purge system restore) until your computer is clean ... even an infected restore point is better than none at all.

Your hijackthis log is clean, but that doesn't mean your computer is, from experience I doubt Norton has removed all the malware ...

Download Deckard's System Scanner (formerly Comboscan) to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Then do the same with extra.txt

Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

Please remember to post both txt files ...

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

THEN ..

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

steam

http://www.bleepingcomputer.com/forums/t/163418/infected-with-trojanzlob-trojan-dropperwin32agentrvv/

I may have plugged an infected flash drive into my brand new Acer Aspire running Vista. I wasn't sure if the drive was infected, so I plugged it in, didn't access it, but scanned it with AVG Free and Malwarebytes' Anti-Malware. The Anti-Malware scan turned up multiple instances of Trojan.zlob and Backdoor.bot, and AVG picked up nothing. I removed the flash drive and ran a full scan with both programs on my laptop. Again AVG picked up nothing, but Malwarebytes' picked up the exact same instances of Trojan.zlob and Backdoor.bot, now on my laptop. The log lists the locations of the infected files as:

C Users Default My Documents My Music New Song lagu Backdoor Bot -> Delete on reboot
C Users Default My Documents My Music Video vidz Backdoor Bot -> Delete on reboot
C Users Default My Documents My Pictures aweks pikz Backdoor Bot -> Delete on reboot
C Users Default My Documents My Pictures seram pikz Backdoor Bot -> Delete on reboot
C Users Default My Documents My Music My Music url Trojan Zlob -> Delete on reboot
C Users Default My Documents My Pictures My Pictures url Trojan Zlob -> Delete on reboot
C Users Default My Documents My Videos My Video url Trojan Zlob -> Delete on reboot

Please note that when I originally scanned my flash drive the exact same instances of these infected files (same filepaths and all) were detected. I'm then instructed to reboot my system, which will then remove the infected files. On reboot and rescan with Anti-Malware, the same files turn up in the same places. In addition, Anti-Malware's realtime protection pops up and tells me that numerous running processes are infected with Trojan.vundo. If I attempt to terminate the processes, it freezes my machine. I turned off Anti-Malware's realtime protection, downloaded and scanned with SuperAntiSpyware, which detected nothing.

At this point I attempted a system restore. The laptop is brand new so I wasn't concerned with losing any personal data. I followed the recovery instructions to restore to factory settings. The restore was successful but failed to remedy any of the above-mentioned problems. Prior to any of these issues I made a set of recovery CDs. I then attempted to recover from these CDs, but the laptop is not appearing to recognize them and therefore won't restore from the CDs I made.

Kaspersky scan

KASPERSKY ONLINE SCANNER REPORT
No malware has been detected. The scan area is clean.

RSIT "info" log ...

A: Possibly Infected with Backdoor.bot, Trojan.zlob, and Trojan,vundo

Hello MissCarol

Welcome to BleepingComputer
========================

If you are still in need of assistance please post a new Rsit log.

http://www.bleepingcomputer.com/forums/t/185576/possibly-infected-with-backdoorbot-trojanzlob-and-trojanvundo/

Windows keep popping up, all my security programs can not run, I cannot install Windows Defender, and the computer is much slower and constantly stating that spyware has been detected. Below I have pasted the log and info text file generated from the RSIT program. Thank you for all your help.

Logfile of random's system information tool ...

A: Infected with Trojan.Win32/Trojan-Downloader/not-a-virus.AdWare

Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.

Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back here in your next reply.

http://www.bleepingcomputer.com/forums/t/182876/infected-with-trojanwin32trojan-downloadernot-a-virusadware/
Relevancy 40.85%

My computer is being redirected when I click on one of my searches on Google to advertising companies, and when I try to delete the viruses I have on my AVG it won't allow me to open my virus vault. I have Windows XP. It won't allow me to open Spywall, Spybot or other antispyware. AVG said I have trojan horse downloader zlob AOKR, tracking cookie Yadro, tracking cookie, tracking cookie Revsc. I downloaded HJT many times and the first time it started scanning and stopped in the middle, and when I tried to open it, it doesn't allow me to open. I started a scan with an antivirus called paretologic on all of my computer and it took over hrs so I stopped it in the middle, as I need to use my computer as I use it for business. It picked up a whole bunch of other viruses and trojans during that time. Only the scan is free and I am unable to retrieve the history of the scan so I can't post the viruses. On top of all this my computer has been really slow for months and also takes about - min to fully reboot. Lately it freezes almost every day at least once. I am relatively new at this and am not familiar with posting registers or history or the components of my computer and am not sure what that is, so please be patient. I am in desperate need of help as I use my computer for my business. Thanks

A: Infected with trojan downloader zlob, other trojan, freezing and very slugish etc..

https://forums.techguy.org/threads/infected-with-trojan-downloader-zlob-other-trojan-freezing-and-very-slugish-etc.858254/
Relevancy 40.85%

Hi, my name is Mike and I recently scanned my computer with mbam and found Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted, and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam, informing me of an infection. I have used p2p utorrent and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. Any help from here on out would be much appreciated. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when not in Safe Mode it does. I have Windows bit Ultimate; used Mbam, tdsskiller, ccleaner. Thank you -Mike

A: Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/457864/infected-w-trojansmall-trojansirefef-rootkit0access/
Relevancy 40.85%

My computer is infected with virus. I have used combofix.exe to fix it but still cannot. My computer is infected with Trojan program Trojan-Downloader.Win32 Genome.skj, which is detected by Kaspersky. Thought the infected file is nothing, then I had opened it in a safe run shared folder, then my computer is infected with virus. After my computer was infected: Even no program is running, the CPU usage is more than. svchost.exe is running under the user name of bryan, not system or local service. When I end the process, after a few seconds it comes back automatically. Or when I go online and try to end the process svchost.exe (username bryan), my network usage goes back to zero. I did not download anything or surf the web, and when svchost.exe starts (username bryan) the network usage goes up. Usage is around. Plus IEXPLORE.EXE running even I did not open the Internet Explorer. I have run a full scan with Kaspersky Internet Security and the databases are up to date but unable to detect it. The virus was downloaded in http server cn crack crack exe File size kb. Can anyone tell me how to fix it? And what does this virus do?

A: Infected with Trojan program Trojan-Downloader.Win32 Genome.skj

Welcome to BC

You have a rootkit infection

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2

This tool will create a diagnostic report for me to review.

Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key to exit..., press any key on your keyboard to close the program. A file called Win32kDiag.txt should be created on your Desktop.

Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------
Go to > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

http://www.bleepingcomputer.com/forums/t/262129/infected-with-trojan-program-trojan-downloaderwin32-genomeskj/
Relevancy 40.85%

My computer is being redirected when I click on one of my searches on Google to advertising companies, and when I try to delete the viruses I have on my AVG it won't allow me to open my virus vault. I have Windows XP. It won't allow me to open Spywall, Spybot or other antispyware. AVG said I have trojan horse downloader zlob AOKR, tracking cookie Yadro, tracking cookie, tracking cookie Revsc. I started a scan with an antivirus called paretologic on all of my computer and it took over hrs so I stopped it in the middle, as I need to use my computer as I use it for business. It picked up a whole bunch of other viruses and trojans during that time. Only the scan is free and I am unable to retrieve the history of the scan so I can't post the viruses. On top of all this my computer has been really slow for months and also takes about - min to fully reboot. Lately it freezes almost every day at least once. I am relatively new at this and am not familiar with posting registers or history or the components of my computer and am not sure what that is, so please be patient. I am in desperate need of help as I use my computer for my business. Thanks

A: Infected with trojan downloader zlob, other trojan, freezing and very slugish etc..

The General Security forum is only for general questions regarding security software and things of that nature but not for actually removing malware as we have qualified helpers who are the only members who are authorized to assist with those matters. You can easily identify them as they have either a gold or blue shield beside their usernames. Please refer to this excerpt from the rules:

http://www.techguy.org/rules.html

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. If you'd like to participate in a training program, please contact a Moderator or see this article.

I'm going to close this thread and ask you to repost in the Malware Removal & HijackThis Logs forum for the proper assistance.
 

https://forums.techguy.org/threads/infected-with-trojan-downloader-zlob-other-trojan-freezing-and-very-slugish-etc.858028/
Relevancy 40.85%

Hello, My computer appears to have been infected by the Antivirus Pro 2010 virus a few weeks ago. Suddenly Mozilla was hijacked / redirected to another site (see below). Suddenly numerous fake antivirus screens suggesting I had a virus. At the time of infection I was using McAfee Total Protection Service as well as an older version of MBAM (not runtime version).

Steps I followed: Killed ave.exe process and manually deleted all instances in the file system, application data folder and registry. Created and ran fix.reg, which allowed me to download and execute other programs, which I was unable to do up to that point. Ran SDFIX.exe, which didn't report anything. At some point I then rebooted and the issue occurred again. Updated and ran MBAM and it showed Trojans in the log file, which I then quarantined. I then downloaded and ran Stopzilla, which then quarantined and deleted ave.exe. I ran MBAM after that and it came back completely clean. Also, since Yahoo wasn't showing up correctly in the browser, I reinstalled the Java runtime environment, assuming it got screwed up somehow. At that point I turned off my PC for the night. Upon reboot later the next day, Stopzilla showed AVE.exe was there again.

I continue to have browser hijacks and sometimes my laptop hangs if the hijack occurs when I am out of the office. If I close the hijack right away there are no outward signs of issues. Every so often McAfee will report it has deleted certain viruses, as below. But none of the tools seems to be able to resolve the issue permanently.

Here are links from the two of the browser hijacks: hxxp v nks cc XAa une q MSeS b b a da cbf x hxxp a cn XvQ ifX j QSXO ee d d a c a f fcc k

Some of the files that have been deleted by McAfee in the last few days: ILEE EXE - Generic Fake Alert gz AVE EXE FakeAlert - WinWeb Security C FakeAlert - Xpspy Av exe Artemis BFF D B

I have attached the DDS, GMER and MBAM logs. Thanks in advance for your assistance, Matt

A: Infected with Antivirus Pro 2010: Trojan.FakeAlert.Gen, Trojan.Fraudpack

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/312647/infected-with-antivirus-pro-2010-trojanfakealertgen-trojanfraudpack/
Relevancy 40.85%

My browser keeps redirecting to various sites from Google and other sites. AVG has detected that system32\services.exe is infected with trojan horse patched_c.lxt. It has also detected that ../windows/assembly/GAC_32/desktop.ini is infected with trojan.generic15.axla. Malwarebytes detected that a file in the windows installer folder was infected with trojan dropper bcmilner and healed it. Problem still remains, please help. DDS and GMER logs are attached. Below is the DDS log. Any help is much appreciated.

A: services.exe infected trojan horse patched_c.lxt, and ../windows/assembly/GAC_32/desktop.ini with trojan.generic15.axla

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

* Please do not run any tools unless instructed to do so.
  We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
  Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
  Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
  A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check
* Download Security Check by screen317 from here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:
* You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
* Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
* Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"
In your next post I need the following
* Log from Combofix
* let me know of any problems you may have had
* How is the computer doing now?

Gringo

http://www.bleepingcomputer.com/forums/t/458275/servicesexe-infected-trojan-horse-patched-clxt-and-windowsassemblygac-32desktopini-with-trojangeneric15axla/
Relevancy 40.42%

Hi, I had run several anti virus and spyware removal programs such as the Spyware Doctor, the F-Secure anti virus and the Microsoft security scanner to remove the above trojan horses, to no avail. All the programs were able to detect the malwares, but even after applying their solutions the malwares will appear again, even after an immediate rescan of the system. The Trojan.virtumode seems to be removed after I used a program called VundoFix but I'm not really sure, so I included it in the topic title just in case. Below is my log file obtained using hijackthis. My exams are a few days away and I really need my com to be working properly and free from irritation to be able to study. Your help will be greatly appreciated. THANKS. By the way, I did try disabling system restore and do all the scans again. But it just doesn't work. Please Please Please Help. THANKS

A: Infected With Trojan-downloader.conhook And Trojan.virtumode

Please do the following:

Download ComboFix
Save to the Desktop. <<<Important!!

Now, go to Start > Run, and copy/paste the following single line command in the Open box:
"%userprofile%\desktop\combofix.exe" /killall
Example:
Click: OK

Follow the prompts. Then type 1 and press Enter to begin the scan.
Do not mouse-click the ComboFix window while it runs. It may cause it to stall.
When finished, a log, ComboFix.txt, is produced.
~~~~
Run HijackThis once again to obtain a new log.
~~~~
Please provide the contents of the ComboFix log, and the new HijackThis log in your reply.

http://www.bleepingcomputer.com/forums/t/117137/infected-with-trojan-downloaderconhook-and-trojanvirtumode/
Relevancy 40.42%

Hello, can somebody help me to remove this malware please?

A: Infected: Trojan Program Trojan.win32.monder.zk

Hello JAMESLG and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/154143/infected-trojan-program-trojanwin32monderzk/
Relevancy 40.42%

I got infected this morning after downloading an email attachment. After I opened the zip file, a program called Antivirus Security Pro was installed on my computer without my permission. After the program was installed I couldn't run or open any programs. My antivirus software, McAfee, didn't detect viruses when I ran a scan before this. I opened the zip. After the software was installed, McAfee had blocked any oncoming connections from various IP addresses that wanted to get into my computer. I finally managed to uninstall Antivirus Security Pro from Programs and Features in Windows without any hassle. I tried to run McAfee after that to see if it could pick up any viruses on my computer, but it found nothing. Because I wasn't very sure, I downloaded Malwarebytes, ran the software and found two Trojans on my computer, which I removed this morning. Now this evening I have run another scan with Malwarebytes and found another four Trojans; three of them are called Trojan.FakeAlert.RRE and one of them is called Trojan.Inject.RRE. The reason I am posting this is because I want to make sure that my computer is completely clean of any malware or anything that can damage my computer, or of someone trying to hack into my computer or steal anything. I'll appreciate some help, thanks. Sorry for my English.

A: I got infected this morning with a Trojan.FakeAlert.RRE and Trojan.Inject.RRE

Please run the following tools and post the logs of each scan to your next post so that we can see what has been found
 
Rkill
http://www.bleepingcomputer.com/download/rkill/dl/10/
 
Superantispyware
http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
 
adwcleaner
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
 
Junkware removal tool
http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
 
If you have any questions about any of the programs then please feel free to ask

http://www.bleepingcomputer.com/forums/t/509536/i-got-infected-this-mornign-with-a-trojanfakealertrre-and-trojaninjectrre/
Relevancy 40.42%

Hi,

My partner's laptop is infected with a pretty nasty virus (and she gave me the job of fixing it!).

The virus killed the internet connection, disabled Norton anti-virus and generally slows down the whole machine.

I already ran malwarebytes anti-malware, which found the following:
Trojan.Downloader
Trojan.Agent
Trojan.Spammer
Rootkit.Bagle

Malwarebytes tried to remove the infected files but the virus just returns on reboot.

I also ran hijackthis. I can post both the logs if requested.

Thanks in advance for any help!

Cheers,
Karol.

A: Infected with Trojan.Downloader / Trojan.Agent / Bagle

Hi Karol and welcome to BC. Let's do a few tasks.

If you are using a wireless router, please reset it and make sure it is set to automatically obtain a DNS address. Routers vary, so you may have to reference your manual. If you do not have a manual, please let us know what the model and make of your router is. Also, please make sure you place an administrator password on your router. Don't forget to write this information down; you may need it 6 months from now.

Please rerun Malwarebytes using these instructions:

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2: MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/t/228965/infected-with-trojandownloader-trojanagent-bagle/
Relevancy 40.42%

As I mentioned in the above title, my up-to-date Win XP SP has been infected with Zlob and Brojack trojans from suspicious exe (wcs and zfe) files. The Deckard scan info is shown below. The Panda scan info and extra materials are attached. Thank you ahead of time for all your help.

A: Win XP infected with Trojan Zlob (wcs.exe) and Trojan Brojack (zfe2.exe)

Hello and welcome to TSF.

Sorry for the delayed response. If you have not received help elsewhere and still need help please post a fresh main.txt as it has been a while since you posted.

http://www.techsupportforum.com/forums/f100/win-xp-infected-with-trojan-zlob-wcs-exe-and-trojan-brojack-zfe2-exe-267632.html
Relevancy 40.42%

Hi Guys,

I've had a virus on my computer for months now but can't remove it. Norton says it's trojan cachecachekit and AVG says it's trojan horse Generic GM. I've done scans with Panda, AVG, Ewido, Stinger, Spybot, Ad-Aware SE and CCleaner in both safe mode and normal mode, but nothing seems to work. It SEEMS once the system boots up it re-installs itself. The popups are so bad I can't even work on the computer. If I wanna work then I need to disable my anti-virus shield.

My laptop is a dual boot system, Win Pro and Win XP. So far I only see the problem with Win; Win XP seems to be fine. I have a wireless network at home but this virus was caught while I was away from home. I have tried suggestions from other forums and Symantec but so far nothing has worked. Now either it's re-formatting the HD or you guys. Pleaaaaaaaaaase don't make me re-format my HD. Thanks for all your help in advance.

Here is the most recent HijackThis log.

A: Infected With Trojan.cachecachekit / Trojan Horse Generic.gm

Fix these with HJT - mark them, close IE, click fix checked

O4 - HKLM\..\Run: [Microsoft IIS] D:\WINNT\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft Windows Autowxckn] autowxckn.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Autowxckn] autowxckn.exe
O4 - HKCU\..\Run: [Microsoft Windows Autowxckn] autowxckn.exe
O23 - Service: File copy caching service (cpy) - Unknown owner - D:\WINNT\cpy.exe
O23 - Service: Mod Libary (modlb) - Unknown owner - D:\WINNT\modlb.exe (file missing)
=================
Click Start > Run > and type in:
services.msc
Click OK.
In the services window find File copy caching service.
Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
Repeat for - Mod Libary
=============
Download http://www.downloads.subratam.org/KillBox.zip
Restart your computer into safe mode now. (Tapping F8 at the first black screen.) Perform the following steps in safe mode:
Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

D:\WINNT\system32\syshost.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.
START > RUN > type in %temp% > OK - Edit > Select all > File > Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin.
Boot and post a new log from normal NOT safe mode.
Please give feedback on what worked/didn't work and the current status of your system.

http://www.bleepingcomputer.com/forums/t/38762/infected-with-trojancachecachekit-trojan-horse-genericgm/
Relevancy 40.42%

My laptop became infected today with a Trojan that AVG Antivirus described as Trojan Downloader zlob and Trojan Clicker VBE. The trojan caused the PC to crash and reboot after it first appeared, added two porn web site shortcuts to my desktop, and made both IE and Firefox begin popping up a website for "AntiVirus", which I learned from a quick search via my desktop (which is not networked to the laptop) was some sort of scam. The malware also did something that kept me from accessing this web site, the site for Ad Aware and several other web sites related to malware removal.

I ran a full scan with AVG and it found several files which it quarantined, including "prrunnet.exe" and "msiconf.exe". After that I cleared all caches and temporary internet files for both browsers, but the pop-ups continued. I then ran Malwarebyte's Anti-Malware and that found and removed additional files. I then rebooted and the pop-ups and web site blocking are gone.

I'm still having an issue with the "DCOM Server Process Launcher" crashing, which forces the computer to reboot. I'm also not sure all the malware has been removed, so I'm hoping someone can take a look at my DDS logs. Here is my DDS.txt report, and the Attach.txt file is attached. Thank you in advance.

A: Infected with Trojan Downloader.zlob, Trojan Clicker.VSE

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled.
Since AVG is outdated, please uninstall it using Add/Remove Programs. Reboot after the uninstall.

Download and Run ComboFix
If you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using removable media (CDs, flash drive).
Download ComboFix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

In your next reply include:
- the ComboFix log
- a new HijackThis or DDS log
Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

http://www.bleepingcomputer.com/forums/t/191634/infected-with-trojan-downloaderzlob-trojan-clickervse/
Relevancy 40.42%

Hello, I have been trying to fix my infected computer for some while now. While going through a Bleeping Computer tutorial I read the recommendation to run Emsisoft Antimalware scanner. It returned problem files, in which one was Trojan.Win32.Injector and two were Trojan.GenericKD. I am attaching a photo of what I found. I am also attaching my FRST scan.

A: Infected with Trojan.Win32.Injector and Trojan.GenericKD1947420

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [ChromeUpdate] => C:\Users\Jackie\AppData\Roaming\ChromeUpdate.exe
HKU\S-1-5-21-1349327015-547616561-364532361-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 MCSTRM; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:DESTICON_favicon729334964
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_0favicon729334964
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_1favicon-355691027
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_2favicon-1704516397
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_3favicon2052216002
AlternateDataStreams: C:\Users\RosettaStone Spanish\Desktop\Allrecipes.com.website:TASKICON_4favicon-433748701
C:\Users\Jackie\AppData\Roaming\ChromeUpdate.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
Run FRST and click Fix only once and wait.
Restart the computer normally to reset the registry.
The tool will create a log (Fixlog.txt); please post it to your reply.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button and follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===
How is the computer running now?

http://www.bleepingcomputer.com/forums/t/594208/infected-with-trojanwin32injector-and-trojangenerickd1947420/
Relevancy 40.42%

My eset Smart Security found "Win Olmarik trojan" but is unable to remove it. I have tried using spybot search and destroy, malwarebytes antimalware and eset smart security. None of them have worked. Here's the log.

A: Infected with Olmarik trojan. Unable to clean the trojan

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/306088/infected-with-olmarik-trojan-unable-to-clean-the-trojan/
Relevancy 40.42%

Here is my Hijackthis logfile. I also posted my Kaspersky Scan that showed my viruses present.

A: Infected With....trojan.winreg.qoologic ...trojan.bat.agent.ak

Welcome to the BleepingComputer HijackThis Logs and Analysis forum what-the? My name is Richie and I'll be helping you to fix your problems.

C:\System Volume Information\_restore{73A9C44D-AE84-4BF8-B439-16AF5231EB2E}\RP243\A0056742.exe/10 Infected: Trojan.WinREG.Qoologic skipped
C:\System Volume Information\_restore{73A9C44D-AE84-4BF8-B439-16AF5231EB2E}\RP243\A0056742.exe/4 Infected: Trojan.BAT.Agent.ak skipped
C:\System Volume Information\_restore{73A9C44D-AE84-4BF8-B439-16AF5231EB2E}\RP243\A0056742.exe/9 Infected: Trojan.BAT.Agent.al skipped
C:\System Volume Information\_restore{73A9C44D-AE84-4BF8-B439-16AF5231EB2E}\RP243\A0056742.exe QuickBatch: infected - 3 skipped
C:\System Volume Information\_restore{73A9C44D-AE84-4BF8-B439-16AF5231EB2E}\RP243\A0056742.exe UPX: infected - 3 skipped
C:\System Volume Information\_restore{73A9C44D-AE84-4BF8-B439-16AF5231EB2E}\RP243\A0056742.exe PE_Patch.UPX: infected - 3 skipped

All the above infected objects are being held inside System Restore points, in the System Volume Information folder.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning: "You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer. Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.
Restart your pc.
-----------------------------------------
Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'. The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.
----------------------------------------
Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.
Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

Also post a new Hijackthis log, let me know how your pc is running now.

http://www.bleepingcomputer.com/forums/t/99715/infected-withtrojanwinregqoologic-trojanbatagentak/
Relevancy 40.42%

My desktop and laptop were recently infected with Trojan viruses according to malware on my laptop and windows defender on my desktop. My desktop is completely inoperable so this post is in reference to my laptop. My laptop was acting slow and google chrome, my standard web browser, was coming up with unusual error messages. I believe it said "Error click ok to terminate command". I ran malware and found Trojan Hiloti and Trojan Agent. Here are the files that were infected based on my Malware log:

Files Infected:
C WINDOWS clefgtu dll (Trojan Hiloti) -> Quarantined and deleted successfully
C WINDOWS Temp TM tmp (Trojan Hiloti) -> Quarantined and deleted successfully
C WINDOWS Temp TMD tmp (Trojan Hiloti) -> Quarantined and deleted successfully
C WINDOWS system config systemprofile wuaucldt exe (Trojan Agent) -> Quarantined and deleted successfully
C Documents and Settings Kevin Application Data avdrn dat (Malware Trace) -> Quarantined and deleted successfully
C WINDOWS system wuaucldt exe (Trojan Agent) -> Quarantined and deleted successfully
C Documents and Settings Kevin Start Menu Programs Startup monxga exe (Trojan Agent) -> Quarantined and deleted successfully

I told malware to remove all the trojans but my problems are getting worse. My laptop will now display a blue screen and restart itself randomly. I need your help.

A: Infected with Trojan Hiloti and Trojan Agent [Laptop]

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS and Attach Log

http://www.bleepingcomputer.com/forums/t/311851/infected-with-trojan-hiloti-and-trojan-agent-laptop/
Relevancy 40.42%

When I do a search on google or yahoo I am being redirected to different websites. Yesterday it was limited to that, now I have audio coming from I don't know where and I can find a way to cut it off. It's like a podcast of guys just rambling on about stuff. This all started after visiting a site called emuparadise.com where I should have known better. This is supposed to be a site that offers cracked files for video game system. I downloaded something for my year old and I think that's when I started having the issues, like within an hour after trying to extract the file after downloading. I can still visit websites if I type in the url address but if I try to go to a website from a search engine I run into the redirection problem(s). Here are my files from the DDS program. Please help.

A: I might be infected with Artemis!8EA7A0F2B64B (Trojan) and GenericFakeAlert.k (Trojan)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.
-----------------------------------------------------------
We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Kind regards
Net_Surfer

http://www.bleepingcomputer.com/forums/t/241919/i-might-be-infected-with-artemis8ea7a0f2b64b-trojan-and-genericfakealertk-trojan/
Relevancy 40.42%

I have never tried this before and any help would be much appreciated. Last Friday my computer was infected with the System Security Virus after my husband clicked on a picture in craigslist. Desktop went to blue screen with "warning you computer is infected"; after a few minutes the computer was useless. My brother, who has some computer knowledge, did his best and cleared out most of the infection. Now, although I am able to use the computer, the backdoor trojan Win32.Trojan.TDSS is definitely still there. On occasion I get a warning from ad-aware that says malware is found. I have run both ad-aware and malwarebytes repeatedly and it just cannot clear out this virus. We have located the bmp files that were the warning screens and deleted those also. Both ad-aware and malwarebytes can locate the files but cannot remove them even after a reboot. Monday, after a long day of working on it, we thought the system was clean, but at approximately am my computer speakers started playing Michael Jackson songs. Couldn't find on the computer where it was coming from, and after two songs it ended. So I scanned with ad-aware and it found the same virus again. Malwarebytes has found UACinit dll. I am pretty sure this is a nasty backdoor trojan and a rootkit virus that is totally screwing up my system. It is functional at the moment and we have already gone on different computers to change all sensitive information and haven't accessed it from this computer since the virus hit. I am not sure all the things my brother has done to fix it, but I believe at one point he may have run a combofix, but again not totally sure. Like I said, any help would be great. Just let me know what to do and I will try to do it. Thank you so much

A: Infected with backdoor trojan Win32.Trojan.TDSS

Hello about the TDDS..

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

To clean please post your MBAM (Malwarebytes) log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Next run ATF and SAS:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

http://www.bleepingcomputer.com/forums/t/241736/infected-with-backdoor-trojan-win32trojantdss/
Relevancy 40.42%

Hi,

My partner's laptop is infected with a pretty nasty virus and she gave me the job of fixing it. The virus killed the internet connection (but I managed to figure out how to get the internet back), disabled Norton anti-virus and generally slows down the whole machine. The virus seems to prevent me from restarting into Windows safe mode. Various tools don't run - for instance, I could not run DrCureIt or even Kaspersky online scan.

I've been moved to this forum from the 'Am I infected? What do I do?' forum. For a full report of the problem and the steps taken so far, please see http www bleepingcomputer com forums t infected-with-trojandownloader-trojanagent-bagle

I'm posting a DDS log as in the instructions. Thanks in advance for all your help.

Cheers,
Karol

A:Infected with Trojan.Downloader / Trojan.Agent / Bagle

Hello KarolF, and to Bleeping Computer Forums,

My Nick is Net_Surfer. I'll be glad to help you with your computer problems. I will be working on your Malware issues; this may or may not solve other issues you may have with your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

Please be patient and I'd be grateful if you would note the following:

The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the AddReply button in the lower right hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach, so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Kind regards
Net_Surfer

http://www.bleepingcomputer.com/forums/t/229402/infected-with-trojandownloader-trojanagent-bagle/
Relevancy 40.42%

Hi,

Thanks in advance for the time. McAfee AV, it's telling me since yesterday this message:

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Generic.dx!peb (Trojan)
Location: C:\WINDOWS\TEMP\eorh.tmp\svchost.exe

The eorh.tmp, it's just an example. The path will be always like C:\WINDOWS\TEMP\xxxx.tmp\svchost.exe

Now it has added another trojan:

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Artemis!21CF83958DC7 (Trojan)
Location: C:\WINDOWS\TEMP\hsuy.tmp\svchost.exe

This keeps appearing in like minute intervals.

Here it goes the DDS log:

A:Infected with Generic.dx!peb (Trojan) and Artemis!21CF83958DC7 (Trojan)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
* DDS.scr
* DDS.pif

* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror: This version will download a randomly named file (Recommended)
* Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/304778/infected-with-genericdxpeb-trojan-and-artemis21cf83958dc7-trojan/
Relevancy 40.42%

Hi,

My computer has been infected with Trojan.Malscript!html and Trojan.Fakeavalert, according to Symantec AV. It has become very slow. I keep getting pop ups saying that my computer has been infected and I need to download some software to get it cleaned. I am unable to update windows defender or run windows defender.

As per instructions I have run dds.scr and am pasting and attaching the log. All help would be appreciated.

A:Infected with Trojan.Malscript!html and Trojan.Fakeavalert

I have tried the following, but the computer is still infected-

1) Installed Avast and ran it in boot mode; it found a bunch of files, which I deleted
2) Ran Norton a few times; it does not find anything

The virus does not let me update windows, keeps stopping windows update in the services. Please help me get rid of this virus...

Thanks...

http://www.bleepingcomputer.com/forums/t/221619/infected-with-trojanmalscripthtml-and-trojanfakeavalert/
Relevancy 40.42%

Hello,

I've been battling some kind of infection on my kids' computer and need help from the experts. I've run spybot, adaware and norton antivirus several times, but every time I re-booted the computer and ran the scans again I would have the same issues. In my processes 'rundll exe' was hogging the resources. I looked in my startup and found an entry 'mtosfehd' and disabled it, and have since been able to use the computer without it locking up on me, but I know that I didn't really fix the issue. The kaspersky scan told me I have three infected files.

I would appreciate any help you can offer. Here are all my scans; I hope I did this right. I tried to post this and was told my post was too long. I will post the hijack this log in this thread.

Thank you

A:Infected With Trojan.vundo Or Trojan.win32.monderc.gen

my new and revised hijack this file [I really hope I have everything in order now, please let me know if I've done something incorrectly, thanks]

http://www.bleepingcomputer.com/forums/t/155167/infected-with-trojanvundo-or-trojanwin32mondercgen/
Relevancy 40.42%

I got infected this morning after downloading an email attachment. After I opened the zip file, a program called Antivirus Security pro was installed on my computer without my permission. After the program was installed I couldn't run or open any programs. My antivirus software, McAfee, didn't detect viruses when I ran a scan before I opened the zip. After the software was installed, McAfee had blocked any oncoming connections from various IP addresses that want to get into my computer. I finally managed to uninstall the Antivirus Security pro from my programs and features from Windows without any hassle. I tried to run McAfee after that to see if it could pick up any viruses on my computer, but found nothing. Because I wasn't very sure, I downloaded Malwarebytes, ran the software and found two Trojans on my computer, which I removed this morning. Now this evening I have run again another scan with Malwarebytes and found another four Trojans; three of them are called Trojan.FakeAlert.RRE and one of them is called Trojan.Inject.RRE.

The reason I am posting this is because I want to make sure that my computer is completely clean of any malware or anything that can damage my computer, or of someone trying to hack my computer or steal anything. I'll appreciate some help, thanks.

Sorry about my English.

A:I got infected this morning with a Trojan.FakeAlert.RRE and Trojan.Inject.RRE

Hello amagan,

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from, so I need you to run these programs first.

-Download DDS-

Please download DDS from one of the links below and save it to your desktop:
* Link1
* Link2
* Link3

* Double-Click on dds.scr and a command window will appear. This is normal.
* Shortly after, two logs will appear:
  DDS.txt
  Attach.txt
* A window will open instructing you to save & post the logs
* Save the logs to a convenient place such as your desktop
* Copy the contents of both logs & post in your next reply

Gringo

http://www.bleepingcomputer.com/forums/t/509539/i-got-infected-this-mornign-with-a-trojanfakealertrre-and-trojaninjectrre/
Relevancy 40.42%

I ran a few anti-spyware programs to check my computer out, as it was acting a little weird, and got alerted to Trojan-Spy.Zbot, Trojan-Downloader.Tiny.ID. And can't figure out how to remove them.

What was causing my concern with the Internet Explorer exe file was not being removed from my processes after I closed it down, and also was having problems where I couldn't open up any more window or right-click and pull up any menus.

A:Infected with Trojan-Spy.Zbot, Trojan-Downloader.Tiny.ID

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random, which includes a HijackThis log, and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/193748/infected-with-trojan-spyzbot-trojan-downloadertinyid/
Relevancy 40.42%

Hello, I first noticed a problem with printing on about July. The print job hangs in the spooler after printing. Canon support says the printer is working fine. Norton Internet Security didn't find anything in a full system scan. Then I found this site. My OS is Windows XP. I followed the recommendations outlined in the Preparations posting. Here is the Kaspersky log. Here is the DSS report.

A:Infected: Trojan.win32.pakes.jxe And Trojan-downloader.bat.ftp.ab

Please disregard the earlier posting. I have resolved the virus issues.

Thank you,

GeeTeePee

http://www.bleepingcomputer.com/forums/t/160483/infected-trojanwin32pakesjxe-and-trojan-downloaderbatftpab/
Relevancy 40.42%

A couple days ago I got infected by a trojan vundo, I think. Now all these pop ups and misleading applications appear randomly even if I have my pop up blocker on and the Windows firewall. My Symantec Norton anti virus blocked and managed to get rid of it, but in the end the virus, bug or whatever it is keeps on coming back. And after I scanned my computer the pop ups still appear (not sure if they are even pop ups since the "advertisement" opens up on another Internet Explorer browser). I'm beginning to have trouble loading websites and such even though my internet is working fine. I'm having trouble posting here and loading the page too. Any help would be appreciated. Thanks.

A:Infected By Downloader/trojan.metajuan/trojan.vundo

Hi,

Please uninstall MyWebSearch via software > add & remove programs. Reboot afterwards.

After reboot:
* Please download Malwarebytes' Anti-Malware from Here or Here.
* Double click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

http://www.bleepingcomputer.com/forums/t/143640/infected-by-downloadertrojanmetajuantrojanvundo/
Relevancy 40.42%

Both of these files are in the system32 folder. I do not know if they have been infected with a virus or if it was the virus who put them there in the first place, but I cannot delete them since they are in the system32 folder. I use Windows XP Home Edition with Internet Explorer.

The viruses are located there:

Trojan.Dropper.Cutwail.D: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINRV26\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\WINRV26.SYS Detected: Trojan.Dropper.Cutwail.D

Trojan.Inject.IA: C:\windows\System32\svchost.exe (memory dump) Detected: Trojan.Inject.IA
C:\windows\System32\svchost.exe (full dump) Infected with: Trojan.Inject.IA

How do I get rid of those viruses?

A:Help, Infected With Trojan.dropper.cutwail.d And With Trojan.inject.ia

There are instructions for removing Trojan.Dropper.Cutwail here. The removal method involves editing the registry, so please be careful and back up the registry first. For backing up the registry I like to use ERUNT. I would then run a full system scan with Malwarebytes' Anti-Malware.

http://www.bleepingcomputer.com/forums/t/151714/help-infected-with-trojandroppercutwaild-and-with-trojaninjectia/
Relevancy 40.42%

Infected with Trojan.Adclicker.HB & trojan generic 826214

Hi there, here's my log.

Relevancy 40.42%

Hi, My system has been infected with Trojan.Virtumonde / Trojan-Downloader.Agent.OGP viruses. These were identified by Spyware Doctor. After identifying them, Spyware Doctor prompts me to reboot the system so that they can be removed. But once the system is started again they are there. Again Spyware Doctor identifies them and tries to fix them, again asking to re-boot the system. This keeps on going but the viruses are still there. The Trojan Virtumonde virus is associated with the basesr dll file in System folder. The basesr dll file description shows - Alcohol Company-Alcohol Soft Development Team. Due to this I am receiving lot of unusual pop-up screens. Internet Explorer is re-directing to different web pages instead of the expected page. Internet Explorer takes lot of time to load a page. CPU usage seems to. Unknown process are executing in Windows task manager. Please resolve the same for me. Let me know for anything. DDS.txt details.

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP

Hello mercyman,

Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt. Please post the contents of that document.

http://www.bleepingcomputer.com/forums/t/224547/infected-with-trojanvirtumondetrojan-downloaderagentogp/
Relevancy 40.42%

I think pc is infected with Win32:Trojan-gen, Trojan horse Generic14.FPT and possibly with more unknown malware/spyware. Help required.

Hello Friends, I believe my PC is infected. Day before yesterday night I had a complete scan of my PC using AVAST antivirus and it did not show any infection. I keep my antivirus software completely up to date. I have a screensaver which when activated activates the avast antivirus to scan files randomly and it's displayed on the screen. After complete scanning of my PC, later in the day when the screensaver activated the avast antivirus to scan files randomly, it detected the following VIRUS infection - Win32:Trojan-gen in couple of my installed software application which I had not used last couple of days. I moved the files to the virus vault.

In addition to AVAST AV I have installed the following PC protection softwares and I keep them up to date: Spybot Search & Destroy, AVG Free, Ad-Aware, Spyware Terminator, Malwarebytes Anti-Malware, Windows Defender. I scanned using the above softwares and the results were negative.

Two days back AVG Free AV reported the software app for playing DVD files on my PC as infected, the infection being Trojan horse Generic14.FPT. I immediately uninstalled it and tried to do a fresh installation of the same app (HERO DVD player) and during installation I again got the warning saying the installation file is infected. Is it possible for the only single installation file (Set up file) to get infected if it's not touched for a long time? Similarly the main setup file of some other app were also reported as infected although they have been in my harddisk untouched for a long time. Similarly couple of days back my system restore files were also infected, which I removed by deleting the system restore file. Right now I have the installation file (Set up file) of some programs used regularly saved on my harddisk and am unsure if any of them are infected. I would also like to add that my AVG AV detected 'trojan Win HRC' while routine scanning.

Kindly guide what need to be done to ensure all infection IF ANY are cleaned. How do I ensure right now my system is infection free? I read on your site about software like combofix. I downloaded it but have not yet run it. Pls guide. I have downloaded DDS from this site and ran a complete scan and the DDS text file is pasted below and the Attach text file is zipped and attached along with this mail. In anticipation kindly guide.

In anticipation, Thanks

A:I think pc is infected with Win32:Trojan-gen and Trojan horse Generic14.FPT

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system, so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
- The DDS logs (DDS.txt and Attach logs)
- RootRepeal logs
- Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

http://www.bleepingcomputer.com/forums/t/277741/i-think-pc-is-infected-with-win32trojan-gen-and-trojan-horse-generic14fpt/
Relevancy 40.42%

Hi, Seems to be a common thread and one that I thank you in advance for helping me to resolve. Inundated with pop ups that are not detected or able to be deleted by Trend Micro PCcillin. My system is sluggish, no make that downright slow, particularly when connected to the internet, and I receive all of the following:

Generic pop ups and system warnings
System integrity scan wizard pop up
Security warning WormWin Netbooster pop up
Desktop shortcuts to error cleaner, privacy protector and spyware malware protection, all pointing to URL viruswebprotect com shandler php
Task manager is disabled
Internet Explorer home page changed to www softwarereferral com as well as trying to download other pages which Trend designate as bad web pages, i.e. www safenavweb com and jump

Please find below DSS and Kaspersky scans. I appreciate your time and efforts to help someone that is not that great with computers but can follow instructions.

Many thanks,
Kuebd

A:Infected With Trojan.win32.vapsup.eie And Trojan-downloaderwin32

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop. Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet. Double click combofix.exe and follow the prompts. When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

http://www.bleepingcomputer.com/forums/t/145088/infected-with-trojanwin32vapsupeie-and-trojan-downloaderwin32/
Relevancy 40.42%

Hi there, I'm infected with some very annoying trojan. I've previously run AdAware, Spybot Search and Destroy, AVG Free Antivirus, avast. Some of these picked up the problem but I'm still getting the yourieprotect homepage when I go on Internet Explorer. I have run everything as per this link: http www bleepingcomputer com forums t how-to-remove-virusburst-removal-instructions

This is my smit file: ... Read more

A: I Am Also Infected With: Infected With W32/[email protected] A/k/a Zlob Trojan

Hi medicineman1984 and welcome to Bleeping Computer.

Please post a HijackThis log here:
* Click here to download HijackThis.exe
* Save HijackThis.exe to your desktop.
* Create a new folder named HijackThis on your desktop.
* Move HijackThis.exe into that folder.
* Run HijackThis.exe
* Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
* Click Save to save the log file and then the log will open in Notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
* Come back here to this thread and paste the log in your next reply.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

http://www.bleepingcomputer.com/forums/t/73683/i-am-also-infected-with-infected-with-w32myzorfkyf-aka-zlob-trojan/
Relevancy 39.99%

Hello, My computer is infected with several Trojans and I would like some help if possible. I ran Malwarebytes and it found Malware Trace, Trojan Agent, Trojan FakeAlert, Trojan Downloader and Rogue WinAntiVirus. I had to get my computer off of our network because the processor was running at the the fans were running wide open. I am posting this from a non-infected computer. This Trojan disabled my Norton and now I cannot re-enable it to complete a scan. Thanks for your help in advance, BF

I ran DDS and here are the results: ... Read more

A: Infected w/ trojan.gen, trojan.adh, white smoke and more

Hello biggfish,

This infection is always accompanied by a rootkit, so let's deal with that first, then we'll see about anything else that might be happening:
* Download TDSSKiller.zip
* Extract it to your desktop
* Double click TDSSKiller.exe
* Press Start Scan
* If Malicious objects are found then ensure Cure is selected
* Then click Continue > Reboot now
* Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/380539/infected-w-trojangen-trojanadh-white-smoke-and-more/
Relevancy 39.99%

Computer started running really slow last night so I scanned it with Malwarebytes and Security Essentials today and these are what popped up: Trojan:DOS/Alureon.A in Microsoft Security Essentials, Trojan.Agent file and Trojan.Agent memory in Malwarebytes. I tried to clean and restart but they are still showing up. ... Read more

A: Infected with Trojan:DOS/Alureon.A and Trojan.Agent

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial
* Download Malwarebytes Anti-Rootkit from HERE
* Unzip the contents to a folder in a convenient location.
* Open the folder where the contents were unzipped and run mbar.exe
* Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
* Click on the Cleanup button to remove any threats and reboot if prompted to do so.
* Wait while the system shuts down and the cleanup process is performed.
* Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
* When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
* Internet access
* Windows Update
* Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.

http://www.bleepingcomputer.com/forums/t/487604/infected-with-trojandosalureona-and-trojanagent/
Relevancy 39.99%

I get notifications from Norton that it has detected Trojan.AdClicker and Trojan.Powerlik activity on my desktop. This will happen even when an Internet Explorer browser is not running. The computer will go back to the desktop icons when a program is running fullscreen. The fan will usually start running loudly as well. I've noticed lots of dllhost.exe processes starting themselves in the Task Manager as well. I can end process on them but they just start themselves up again. Any help would be much appreciated. Thank you.

Here is my DDS.txt log: ... Read more

A: Infected with Trojan.AdClicker and Trojan.Powelik

I had a similar issue on my laptop not that long ago, and the helpful and wonderful forum tech was able to help me clean that up.  At the time, my desktop was not behaving strangely but I thought it might only be a matter of time.
 
I ran DDS again while it was launching dllhost and other dlls, here is that DDS log - and Attach.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Getter at 11:05:56 on 2014-12-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.2414 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\... Read more

http://www.bleepingcomputer.com/forums/t/559586/infected-with-trojanadclicker-and-trojanpowelik/
Relevancy 39.99%

My Norton AntiVirus detected two viruses:
Trojan.startPage: c windows system ntstub dll
Download.Trojan: c windows system IRJIT DLL
Tried to delete them by Norton but failed. Would anyone help me get rid of them?

My HJT log is as follows: ... Read more

A: Help! Infected With Trojan.startpage And Download.trojan

Hello pinkpony,
Welcome to Bleeping Computer

Optional - FLASHGET
I note in your log that you have FlashGet the download manager - be aware that the trial copy bundles Cydoor adware, but when you register the Ads disappear.
To remove the program: Go to Start > Settings > Control Panel > Add/Remove Programs and remove it. Your call.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:
O4 - HKLM\..\Run: [Ntech.patchs] C:\WINDOWS\system32\8FFA.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\tools\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ????QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\tools\QQ\QQ.EXE

If you uninstalled FLASHGET, then please check the following also:
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\tools\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\tools\FlashGet\fgiebar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\tools\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\tools\FlashGet\flashget.exe

Close all browser and other windows except for HijackThis!, and click "Fix Checked".

Please enable viewing of hidden files as follows:
1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked

Next, delete the following folders/files (if they exist):
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\8FFA.exe
C:\WINDOWS\system32\res.exe
C:\tools\QQ\QQ.EXE

Search for and delete:
ALCXMNTR.EXE

Optionally, if you uninstalled, delete this folder:
C:\tools\FlashGet

Reboot your computer

Use Cleanmgr to clean temporary files:
1. Click > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.

Please download, install, and update the free version of Ewido Anti-Malware:
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* When you run Ewido for the first time, you might get a warning "Database could not be found!". Click OK. We will fix this in a moment.
* From the main Ewido screen, click on update in the left menu, then click the Start update button.
* After the update finishes, the status bar at the bottom will display "Update successful"
* Click on Scanner
* Click on Complete System Scan and the scan will begin.
* If Ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop
* Close Ewido

In your reply, please post the log from Ewido and a new HijackThis log. How is your computer running?

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/52418/help-infected-with-trojanstartpage-and-downloadtrojan/
Relevancy 39.99%

I have Webroot's SpySweeper and McAfee ASecurity runni Among other cookies it indicated that it had removed Trojan-Ace-X and Trojan-Downloader-Zlob. I have had the following issues since:

Spy Sweeper indicates that it has blocked because it is a potential threat and the website is related to spyware. I believe Spy Sweeper is blocking the following website, which I have never and have no desire to go to: www safenavweb com index php sid amp said amp pn amp aid amp pid

A message appears that says "The webpage is unavailable because you are offline".

I also noticed that when I try to access Task Manager a message pops up that says it was disabled by the administrator. I am the administrator and I have never disabled it.

In addition, I get the following warnings, which I do not believe are from SpySweeper:

Windows Security Alert: Windows has intercepted an internet attack attempt. Somebody's trying to infect your PC with Spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware. Click here to download spyware remover for total protection.

System Alert in System Tray: System detected virus activities. These may impact the performance of your computer. Please use the recommended

On my webpage I now see the message: Warning possible adware or adware infection. Click here to scan your computer for spyware and adware.

Spyware Alert: Security Warning. Worm Win NetSky detected on your machine. This virus is distributed through the internet through e-mail and Active-X objects. The worm has its own SMTP engine, which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process should be removed from your system. Type: Virus. System Affected: Windows NT ME XP Vista. Security Risk - Recommendations: Click Yes to remove it from PC immediately.

SpySweeper's support said I should run SpySweeper times consecutively. It did not work. This led me, searching on the internet, to a reference to bleepingcomputer from PC Magazine. I found post http www bleepingcomputer com forums t how-to-remove-virusprotect-or-virus-protect-removal-instructions which told me of the VirusProtect ruse. I followed the directions and it gave me back control of Task Manager and for about minutes allowed me to search the internet without a problem. But then I noticed that the message on my webpage remains: Warning possible adware or adware infection. Click here to scan your computer for spyware and adware. This I know will send me to a malware site.

I found the link to http www bleepingcomputer com forums t preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help and went through all the steps. After all this the message on my webpage still remains: Warning possible adware or adware infection. Click here to scan your computer for spyware and adware.

Occasionally Internet Explorer tools is accessed and work offline is accessed, which interrupts my ability to access the internet.

Spybot is continuously, every - seconds, putting up the message: Registry change denied Identified as user backlist Resident denied change of Search Bar category Browser page based on your black list. It is running all over my desktop.

Zone Alarm indicates on its anti-virus monitoring that it cannot detect anti-virus running on my computer that it can detect. This despite I am running McAfee Security, SpySweeper, SpyBot, AdAware etc.

Zone Alarm continually tells me that the firewall has blocked Internet access to your computer NetBIOS Session from TCP Port TCP Flags S. I don't know if this is a problem.

SpySweeper is telling me that Mal Behav- is running on my computer. A sweep is recommended to remove this threat. This is malware detected th... Read more

A:Infected With Trojan-ace-x And Trojan-downloader-zlob

Welcome to the BleepingComputer HijackThis Logs and Analysis forum rblack8297
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, NOT for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

http://www.bleepingcomputer.com/forums/t/127751/infected-with-trojan-ace-x-and-trojan-downloader-zlob/
Relevancy 39.99%

Hello friends

I recently bought new laptop with window vista but my joy was short lived. I was trying to update my computer with software so somewhere I got this BLOODY SPYWARE in my computer. Now facing various problem like:

Can't open Internet explorer, so using firefox (any ways I always done that).
When I click it keeps re directing to different rubbish website.
There is a balloon at the bottom which keeping popping up and says "your computer is infected by the spyware click to fix the problem" and when I click it redirect me to some spyware site.

I try to use spybot search and destroy, though that identified the problem but unable to fix it. Though it says problem fixed. So I try downloading 'Spydoctor', again that Identify infection Trojan virtumonde and Trojan Agent. But it unable to fix the problem because when I restart my computer I am faced by the same problem.

Please help me. Please please, I do not know what to do. Is very very annoying.

Below is my log.

A:Infected With Trojan.virtumonde And Trojan.agent

Hello! Welcome to BC!

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
* Double-click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* If you have trouble with the update process, please download the latest updates here. Double-click the mbam-rules.exe file on your desktop and let it update the application.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Please copy and paste the entire report in your next reply.

Extra note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===============================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
* Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
* Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
* Click the "Download" button to the right.
* Select the Windows platform from the dropdown menu.
* Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.
* The page will refresh.
* Click on the link to download Windows Offline Installation and save the file to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
* Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
* After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
* On the General tab, under Temporary Internet Files, click the Settings button.
* Next, click on the Delete Files button.
* There are two options in the window to clear the cache - Leave BOTH Checked:
  Applications and Applets
  Trace and Log Files
* Click OK on Delete Temporary Files Window.
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
* Click OK to leave the Temporary Files Window.
* Click OK to leave the Java Control Panel.

===============================

Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all a...

http://www.bleepingcomputer.com/forums/t/143738/infected-with-trojanvirtumonde-and-trojanagent/
Relevancy 39.99%

I've removed the virus (it's in ESET quarantine) but my files cannot be opened. The following extensions are changed: pdf.exx, avi.exx, jpeg.exx, docx.exx, xls.exx (all my files are .exx). Please help me out to solve it.
 
Thanks,
 
Kind Regards,
 
John Wood

A:Infected with Win32/Filecoder.EM trojan an ER trojan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/575650 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
* If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
* A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
* Please do this even if you have previously posted logs for us.
* If you were unable to produce the logs originally please try once more.
* If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
* If you are unsure about any of these characteristics just post what you can and we will guide you.
* Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again:
* Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.
  FRST Download Link
* When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
* Double click on the FRST icon and allow it to run.
* Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
* Notepad will open with the results.
* Post the new logs as explained in the prep guide.
* Close the program window, and delete the program from your desktop.
As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/575650/infected-with-win32filecoderem-trojan-an-er-trojan/
Relevancy 39.99%

I have my HijackThis log below.

And also my Malwarebytes log. Although the log says the infected files were deleted, still after restarting and running Malwarebytes malicious files would be identified.

Malwarebytes' Anti-Malwa...

A:Infected by: Trojan.Vundo.H, C:\dy9.cmd and some other Trojan agents.

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
* Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
* If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
* Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
* Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
* Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and Run FlashDisinfector
* Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
This program is for XP and Windows 2000 only.
* Double-click ATF-Cleaner.exe to run the program.
* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
If you use Firefox browser also...
* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Download and Run OTScanIt
* Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
* Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
* Check the Scan all users box at the top left.
* Change the Rootkit Scan setting from "No" to Yes.
* Click the Extras button under "Additi...

http://www.bleepingcomputer.com/forums/t/197993/infected-by-trojanvundoh-cdy9cmd-and-some-other-trojan-agents/
Relevancy 39.99%

Starting yesterday afternoon my computer began slowing and a "Security Tool" icon appeared at bottom right of screen with pop up. I did not click on either and immediately began researching. Downloaded Malwarebytes Anti-Malware, ran and discovered infected files and removed. Unfortunately the Trojans appear to continue to reside. Desktop screen goes blue at times with no icons visible. Any assistance will be greatly appreciated.

Thanks,
Kevin

A:Infected with Trojan.FakeAlert.H and Trojan.Zlob

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/270743/infected-with-trojanfakealerth-and-trojanzlob/