Windows Support Forum

Need process to remove Trojan-BNK.Win32.Keylogger.gen

Q: Need process to remove Trojan-BNK.Win32.Keylogger.gen

Can someone help out with a removal process to get rid of Trojan-BNK.Win32.Keylogger.gen for Windows 7? Thanks in advance for your help.

http://www.bleepingcomputer.com/forums/t/405537/need-process-to-remove-trojan-bnkwin32keyloggergen/
Relevancy 92.88%

Can someone help out with a removal process to get rid of Trojan-BNK.Win32.Keylogger.gen for Windows 7? Thanks in advance for your help.

http://www.bleepingcomputer.com/forums/t/405538/removal-process-for-trojan-bnkwin32keyloggergen/
Relevancy 87.72%

I need help. I bought a new Dell laptop and went to check my mail and other stuff. After 3 hours I got this virus: Trojan-BNK.Win32.Keylogger.gen. It's not letting me do anything even in safe mode!!!! I have Windows 7 btw. How can I remove it? I called Dell support and they told me that they will help me remove it with a charge of 129$ !!!!!!!!!! I said F*** NO! Please help me.
 

https://forums.techguy.org/threads/how-to-remove-trojan-bnk-win32-keylogger-gen.1034050/
Relevancy 86.86%

I've tried so many things to get this thing removed. I've searched and searched and searched, but nothing. The only errors I've gotten are the Fake Windows Firewall and my AVG detecting XPdefender.exe (I already know about both of them). HELP!

Extra info: OS: XP Pro SP

Well, I was going to post a log from Malwarebytes but I can't seem to find the program; it ain't in my taskbar, and if I open the program manually it says that it is already running. Oh well, I'll just wait. But back on topic: how can I get rid of this XPdefender trojan keylogger thingy?

EDIT: Got my log file for MBAM. By the way, after the scan was done I hit delete and I'm about to restart my comp after post; I hope that's fine.

A:trojan-keylogger.WIN32.agent HELP ME REMOVE!!

I would say no and take great caution with anything you accessed with passwords on the web. If you do online banking, please contact your financial institution as soon as possible.

Install RootRepeal

Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan.
A window will open asking what to include in the scan. Check the following items:
* Drivers
* Files
* Processes
* SSDT
* Stealth Objects
* Hidden Services
Click OK.
Scan your C drive (or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient.
When the scan completes, click Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (default folder).
Paste the log into your next reply.

http://www.bleepingcomputer.com/forums/t/237140/trojan-keyloggerwin32agent-help-me-remove/
Relevancy 83.42%

Hi. It seems that I have trojan activity on my home PC. I am running Vista, and when I log in to my user profile I get a blue desktop with a box saying 'Warning: Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer'.

I have tried a few malware removal programs (Malwarebytes, CCleaner, Adaware) and ran virus scans in an attempt to try and remove it myself without bothering you guys, but I just can't shift it, so I'm hoping you may have the time to help.

What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the PC. I also get no warnings when running in safe mode.

I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C Users Guy AppsData Local Temp tt tmp vbs. The numbers/letters after the tt in this case change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS version -, which I try and delete from the warning box. I then am greeted with a Windows Script Host message box that will say the above file tt tmp vbs failed, Access Denied.

I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmful software, with mention of one of many trojans. These have been:

Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

The only option these windows security alert message boxes give me is 'Enable Protection', which takes me to www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

I have run Malwarebytes scan both in safe and normal mode and it identifies infected files which I clean, but on the next startup there are still infected files and warning messages popping up. I just can't seem to shift it. I have also run HijackThis.

Below are last night's Malwarebytes logs and HJT logs before and after cleaning with Malwarebytes (see times of logs). I hope the info I have given above is useful and hasn't been too confusing. If you are able to help me with this it will be greatly appreciated.

Thanks
Guy

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,

I am hoping you can help me. My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:

Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

Strange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.

The pop up warnings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper, and even if I remove these and restart the PC they come back.

A Spybot scan pointed to 2 entries of Virtumonde.

I'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I can't seem to shift it.

http://www.bleepingcomputer.com/forums/t/161790/vbsmalware-gen-trojan-clickerwin32tinyh-trojan-downloaderwin32agentbq-trojan-spywin32keyloggeraa/
Relevancy 68.8%

I run McAfee Total Protection software. It has been active and regular scans and updates are automatic. Nevertheless Trojan-BNK.Win32.Keylogger.gen has infected my computer. McAfee full scan finds no problem. McAfee tech support refuses to remove the infection without a fee. It seems to me that if they know how to fix the problem, then they are aware of the threat. If they are aware of the threat, why does their "Total Protection" software pass it on to my computer? The answer seems obvious to me. It creates a revenue flow for their tech support department.

I have two issues:

1. How may I clean my computer?

2. I am in the market for an effective program that will prevent future infections. Is there such a program?

http://www.bleepingcomputer.com/forums/t/405081/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

Hi, my computer is infected with this virus. A pop up window came out. It says:

Win Security Alert
Win Security has blocked a program from accessing the Internet
This Program is infected with Trojan-BNK.Win32.Keylogger.gen
Private data can be stolen by third parties including credit card details and passwords
Name: McAfee Security Center
Location: C:\Program Files\McAfee.com\Agent\mcagent.exe
Company: McAfee Inc
Version
Windows recommend Activate Win Security
Click "Yes Activate" to register your copy of Win Security and perform threat removal on your system
Yes, activate Win Security (Recommended) - click here to activate and remove all infections
No, Continue Unprotected (Dangerous) - Click here to continue unprotected

That is all the pop window. The computer was started in safe mode and a full scan with McAfee was done; it did not encounter any problems. Computer was shut down and restarted in normal mode and a whole bunch of windows started popping out. Don't remember exactly what it said, just something regarding the hard drive. Shut down computer again and restarted in safe mode using f. Same pop up window described above showed up. All programs in the computer seem to be gone. All icons on the desktop are gone except recycle bin and McAfee icons. These are all the details. I don't know much about computers, just very basic stuff. PLEASE HELP. THANKS

A:Trojan-BNK.Win32.Keylogger.gen

Welcome aboard. Start with this guide: http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012

http://www.bleepingcomputer.com/forums/t/438634/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

Somehow this has appeared on my computer, a pop up keeps blocking my activity. It is sooooo annoying, can anyone help?

A:Trojan-BNK.Win32-Keylogger.gen

Hello and welcome. Let's try this.

Run RKill:

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
You will need to run the application again if rebooting the computer occurs along the way as the malware programs will start again.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/302533/trojan-bnkwin32-keyloggergen/
Relevancy 68.8%

I have just used Spyware Doctor to remove "Trojan-BNK.Win32.Keylogger.gen"
it found and removed it!!!
...But now my problem is that every file (.exe program) that I try to open asks me to select the program from the list or use the internet to search for the extension!!
I think when I removed the trojan, that it did something with the registry so I'm guessing that could be the problem.
I haven't done anything else because I know I'll probably mess things up!

Any solutions on how to get every program to open itself without asking?

thanks

A:Trojan-BNK.Win32.Keylogger.gen

This has to be the fastest fix I've ever done by myself ever.....

To fix this I searched up in Google and came across this website: http://www.virusremovalguru.com/?p=5528 that's related to my issue, and someone commented this:

Here's what worked for me - I pasted this text onto the notepad application:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Then I saved it to my desktop naming it fix.reg

I then opened up the newly made .reg file and clicked yes when prompted whether or not I wanted to update my registry with the newly modified information.

I then restarted my computer and installed Malwarebytes anti-malware and did the update as well. Once installed, I ran a quick scan which found 11 viruses which I then subsequently removed.

What the above .reg file did was neutralize the virus' crippling effect of preventing me from installing or even using Malwarebytes or any other anti-virus program which I had running at the time (Avira).

Once restarted and sufficiently neutralized, the virus was powerless against Malwarebytes.

Problem solved. Done and done.

==================================

So basically the reg he made worked for me too!!! :D

http://www.bleepingcomputer.com/forums/t/295787/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

Hi. My kids laptop is infected with a virus. When I turn it on a screen pops up and says "Win Internet Security has blocked a program from accessing the internet. The program is Trojan-BNK.win32.keylogger.gen". If I keep the computer on, additional pop ups will continue telling me that the computer is infected etc. It is urging me to click on a yes box to fix the problem. The laptop is a Toshiba bit and is running Windows Professional. Per the instructions please find the DDS.txt file below and the Attach.txt zip file.

A:Trojan BNK.win32.keylogger.gen

Hi,

Please do the following

Refer to the ComboFix User's Guide
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/forums/f100/trojan-bnk-win32-keylogger-gen-582708.html
Relevancy 68.8%

Hi - New to site so appreciate any help.
run xp with windows 7 and firefox

Ran rkill then malwarebytes then rkill then superantispyware and seem to be fine except for a balloon
that pops up every 10 secs that says "successfully blocked access to a potentially malicious website" with a ip address that changes each time. Also says "type: outgoing"

Any help would be appreciated.

Paradude

A:trojan-bnk.win32.keylogger.gen

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/435270/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

Saturday the kids were playing a game on Facebook on my laptop and got the Windows Security Virus Trojan-BNK.WIN32.keylogger.gen. This virus would also block from using any web browser. I have an IBM Thinkpad, not sure what model, but it's old enough it came with restore disks that I no longer have. I went into safe mode and ran Malwarebytes and it found some and I removed them. Rebooted and it seems to be gone, but I still can not access the internet. The virus happened thru FireFox web browser and that browser seems to be completely corrupted. I have tried to uninstall it but when I click remove the window blinks and that is all. Internet Explorer tells me it cannot access the internet, but Windows updates and my antivirus and Malware is accessing the internet just fine, so it seems web browsers are affected. I put Avast on there and ran it and it found nothing. Any ideas?

A:Trojan-BNK.WIN32.keylogger.gen

Welcome aboard.

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center
 * Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
 * Main Mirror - This version will download a randomly named file (Recommended)
 * Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/435857/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

Every 5 minutes or so a box pops up on my screen saying I have a security breach. The box says that I have one of these viruses, mixing it up every time.

Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

I have run MalwareBytes and simply can't get rid of this.

The only option these windows security alert message boxes give me is 'Enable Protection' which takes me to www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.

Any help would be greatly appreciated.

A:Trojan-spy.win32.keylogger.aa

Update and run Malwarebytes again and then post the log.

http://www.bleepingcomputer.com/forums/t/164239/trojan-spywin32keyloggeraa/
Relevancy 68.8%

First, I would like to mention that I'm not that good at computer lingo or terminology, so I apologize for the future headaches. Alright, here's what I got: I got hit with "Trojan-BNK.Win32-Keylogger.gen". I read somewhere on how to get rid of it (I can't remember where), but this is what I did:

- SAFE MODE with NETWORKING
- Downloaded Malwarebytes Anti Malware
- Run full scan
- Removed the infected

Doing that stopped the hijacking. BIG RELIEF! But that didn't solve everything. I'm pretty much locked out in my account. In SAFE MODE (Administrator Account, not my standard account) I have access to most things: My Computer, Files, RUN, Task Manager. However, my standard account has TASK MANAGER, DESKTOP items, MY DOCUMENTS, RUN prompt and many more disabled. You name it, no access. I've gone through the forums and did the Windows Key + R to bring up the run command and entered regedit and regedit.exe (I have Windows XP Home Edition), but both times I've needed to open it with something. I bought BitDefender, so I'm trying to get to a stage where I can download it successfully and remove any other intrusions. If anyone can help I would really appreciate it. Thank you.

A:Need more help against "Trojan-BNK.Win32-Keylogger.gen"

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435105 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

* If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
* A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
* Please do this even if you have previously posted logs for us.
* If you were unable to produce the logs originally please try once more.
* If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
* Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

* Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GME...

http://www.bleepingcomputer.com/forums/t/435105/need-more-help-against-trojan-bnkwin32-keyloggergen/
Relevancy 68.8%

I read the previous topic on this subject, but I'm still stuck on how to proceed. My work laptop is infected and I can't get/go anywhere on it to even download the RKill. I am writing this from my home desktop. I have my laptop here as well. I know there must be a way to interrupt the boot up process to get to IE to then be able to access the internet. I just don't know how to do that. Thanks for help.

A:Trojan-BNK.Win32.Keylogger.gen

Welcome aboard

Use the desktop to download necessary files and transfer them to the laptop using USB flash drive.

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/434832/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

Safe Mode also blocked by Error message
STOP:0x00000007B (0xF89D5528,0x0000034,0x00000000,0x00000000)
Sorry if I previously posted out of line
Explorer will not connect. I can start Windows Normally but
Ran RKill from USB drive. Have log. Attempt to download MBam and run from E drive not successful. CCleaner also failed.
Need to clean this oldy but goody up.

A:Trojan-BNK.Win32.Keylogger.gen

Sorry if I previously posted out of line.
 
Don't worry, no need to say sorry. It just wasn't clear to us you had an infected machine.

http://www.bleepingcomputer.com/forums/t/559211/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

So far, I can only access most of my icons on my desktop by going to safe mode with networking. When I start my computer normally, this virus prevents me from going to most of my icons on my desktop, preventing downloading, and some of my icons got moved or deleted(not responsible for it). How can I get rid of this virus? Any suggestions? If this does get resolved, what should I do to prevent this again? Also, if there is available, send me a link for a FREE anti-virus installment AFTER my computer is free of that virus. I would appreciate the help you people get to help resolve this issue.

A:Trojan-BNK.WIn32.Keylogger.gen

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center
* Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/436478/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

help, please my son's laptop has vista screaming trojans! of all kinds

A:TROJAN-BNK.WIN32.KEYLOGGER.GEN

Hello and welcome. I am moving this from Vista to the Am I Infected forum.

About Keygens.. These are tools to pirate software.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...
Keygen and Crack Sites Distribute VIRUX and FakeAV

Infections also spread by using peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

The infection also spreads through emails containing links to websites that exploit your web browser's security holes and by exploiting a vulnerability in older versions of Sun Java. When you click on an infected email link or spam, Internet Explorer launches a site that stealthily installs a Trojan so that it can run every time you startup Windows and download more malicious files.

Let's see what a few scans will show.

Please download TFC by Old Timer and save it to your desktop.
alternate download link

* Save any unsaved work. TFC will close ALL open programs including your browser!
* Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
* Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
* Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
  For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Sh...

http://www.bleepingcomputer.com/forums/t/298134/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

Happy New Year! This is what I woke up to this morning Trojan-BNK.Win32-Keylogger.gen
Windows 7 won't let me do anything. When I googled on my iphone everyone said this is a virus. So here I am, a total novice, asking for HELP!!!

A:Trojan-BNK.Win32-Keylogger.gen

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

* Please download OTL from one of the following mirrors:
  This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
wininit.exe
hlp.dat
/md5stop

* Push the button.
* Two reports will open, copy and paste them in a reply here:
  OTL.txt <-- Will be opened
  Extra.txt <-- Will be minimized

Let me know if you can't get this done.

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

http://www.bleepingcomputer.com/forums/t/435689/trojan-bnkwin32-keyloggergen/
Relevancy 68.8%

I am having pop ups every so often that say I have one of these viruses, mixing it up every time:

Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.Keylogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

I followed the advice that was given to user mhill on August and I am still seeing the popups. I have run and updated MalwareBytes. I have run my system in safe mode and run ATF-Cleaner and SUPERAntiSpyware, but I just got another pop-up. Here is my scanner log that I just received after running SUPER:

A:Trojan-spy.win32.keylogger.aa

I ran Malware again and here are the results:

Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 2

9/6/2008 4:55:53 PM
mbam-log-2008-09-06 (16-55-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201178
Time elapsed: 49 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

http://www.bleepingcomputer.com/forums/t/167841/trojan-spywin32keyloggeraa/
Relevancy 68.8%

I'm using this how-to page to remove the virus: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista- but I'm a bit stuck at this one step. I put all the necessary files onto my USB and plugged it into the infected computer. I opened up My Computer and saw my USB. I click on it and luckily I see both files: Malwarebytes setup and the reg files. As per the instructions, I double-clicked the FixExe.reg files and clicked "Yes". The instructions say I should be able to now download Malwarebytes. I double-click mbam-setup but nothing happens or pops up. No installation wizard or anything like that. I'm not sure what to do now. As you can tell, I'm a bit of a noob when it comes to this kind of stuff. Help would be greatly appreciated. Thanks! Oh, and I use Windows XP, if that's any help. If you need me to provide any more information that would help you figure out my predicament, I'll gladly cooperate.

http://www.bleepingcomputer.com/forums/t/401977/trojan-bnkwin32keyloggergen-help/
Relevancy 68.8%

I've been following the threads for topic to remove this from my computer and I saw that the removal log was requested. Here is my log; can you help me get rid of this difficult virus?

A:Trojan-BNK.Win32.Keylogger

Hello Christo23,

I split you to your own topic here. You needed to reboot if you did not.

Please run these next.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices
* List Users, Partitions and Memory size.
* List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Reboot into Safe Mode with Networking.

How to enter safe mode (XP/Vista)

Using the F8 Method: Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
* In the Main Menu, click the Preferences... button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
  * Close browsers before scanning.
  * Scan for tracking cookies.
  * Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
* Click Preferences, then click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
* Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Now reboot to Normal and run MBAM (MalwareBytes):

Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select FULL scan and scan (normal mode). After scan click Re...

http://www.bleepingcomputer.com/forums/t/433227/trojan-bnkwin32keylogger/
Relevancy 68.8%

I had someone use my computer and they went onto a game site, Yahoo Pogo games; now I have this virus. A window pops up saying I need to purchase some win program to remove the virus. The person using my computer was my girlfriend and we have since broken up, so she won't be on my machine anymore. Also, what is your recommended virus protection software that I can purchase? Can you please help me to get rid of all of this for the final time? Sorry, forgot to attach my results.

A:trojan BNK win32 keylogger.gen - Please help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Ad-Watch and AVG. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

As far as a purchased AV, you can't go wrong with ESET's NOD32 or Smart Security:

Best Free Antivirus: ESET! Try free antivirus programs for 30 days.

I use it, and love it.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------

http://www.techsupportforum.com/forums/f100/trojan-bnk-win32-keylogger-gen-please-help-624680.html
Relevancy 68.8%

I too have been infected with this and maybe more. I ran Malwarebytes on the infected computer and after a restart I could not open any program without being prompted to find a program to open it with. I'm thinking I must have deleted some important .exe files, so I rolled back my computer status to earlier in the day before I used Malwarebytes and did another scan. Can someone please help? I'm not a tech savvy guy but I can follow instructions if someone can help.

A:Trojan-BNK.Win32.Keylogger and more

Hello,

I split you to your own topic.

After rolling back can you open programs? If so, do this.

What is your operating system?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices
* List Users, Partitions and Memory size.
* List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Did MBAM find anything? Post that log.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

http://www.bleepingcomputer.com/forums/t/432689/trojan-bnkwin32keylogger-and-more/
Relevancy 68.8%

I had the virus like 30 minutes ago and I used Malwarebytes to remove it, but I'm not sure if it's gone.

A:trojan-bnk.win32-keylogger.gen

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
* Main Mirror
  This version will download a randomly named file (Recommended)
* Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.

Now click the Scan button. If you see a rootkit warning window, click OK.

When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.

Click the Copy button and paste the results into your next reply.

Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again. If it still fails, try to UN-check "Devices" in right pane. If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/431743/trojan-bnkwin32-keyloggergen/
Relevancy 68.8%

Many popups. Has taken over Windows Explorer when not in safe mode. Blocks me downloading malware removal tools etc. Doesn't appear as its own name in registry. Could be disguised. So how do I remove it if I can't shut down its activity and I can't access the internet for malware removal tools? See below.

https://forums.techguy.org/threads/trojan-bnk-win32-keylogger-gen.994185/
Relevancy 68.8%

Hello, I'm new to this forum, so I hope I'm posting in the correct area. I started receiving the Vista Antivirus 2012 popups and the computer stating I have the above virus. In researching, I found a post on removing this virus using FixExe and mbam-setup. I downloaded both onto my external hard drive, ran the FixExe to register, however when I click run on the mbam-setup...nothing happens. I'm not sure how much more information you need, but I need HELP PLEASE. Any assistance will be greatly appreciated. Thanx in advance.

A:Trojan-BNK.Win32-Keylogger.gen

Hello, let's try again with these instructions.

We also need to run this: FixNCR.reg

Please follow our Removal Guide here: Vista Security 2011.

After reading how the malware is misleading you, you will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

http://www.bleepingcomputer.com/forums/t/403423/trojan-bnkwin32-keyloggergen/
Relevancy 68.8%

I got to bleepincomputer.com/forums/topic302533.html through internet search leading to community.mcafee.com/thread/35859.
My computer was infected with the Trojan and no browser would run. Opera, IE, Google Chrome all were rendered useless. At first I was doubtful that solution for removal posted by a guy "boopme" on 14th March 2010 would not solve and might be just fake or outdated. With no options, I followed it. Downloaded the two files rkill and MBAM on a separate laptop. Copied it on the infected machine, ran it, and bingo, it was cured!!! Man, I am so grateful to these guys. Don't know how to thank them enough.

A:trojan-bnk.win32.keylogger.gen

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/408651 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

* If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
* A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  * Please do this even if you have previously posted logs for us.
  * If you were unable to produce the logs originally please try once more.
  * If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
  * If you are unsure about any of these characteristics just post what you can and we will guide you.
* Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

* Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

http://www.bleepingcomputer.com/forums/t/408651/trojan-bnkwin32keyloggergen/
Relevancy 68.8%

Hello, infected by Trojan-BNK.Win32-Keylogger.gen. Followed instructions on previous thread and tried RKILL, MBAM, ATF and SAS. Latest MBAM and SAS logs below. I still can't start Internet Explorer. It tries to associate Internet Explorer to exe but never runs. Also my McAfee anti-virus icon does not come ON when I power up my laptop. Please help. Am without IE right now. Appreciate the help. Merry Christmas.

A:Trojan-BNK.Win32-Keylogger.gen

Was able to get the IE up and running but it is very slow
Used another tool to scan. Showing TRACUR TROJAN. Please help with slow speed of IE

Exterminate It! Antimalware 2.04
Database: 12/22/2011 (500830 signatures) (core load failed)
www.exterminate-it.com

System Information:

Windows: 6.1.7601 Service Pack 1
Internet Explorer: 8.0.7601.17514

Scan Type: Smart Scan

Scan Log:

08:59:08.756 Start Scan
09:00:13.468 Found Zugo Adware HKEY_CURRENT_USER\Software\Zugo
09:00:13.468 Found Zugo Adware HKEY_CURRENT_USER\Software\Zugo\Toolbars
09:00:13.469 Found Zugo Adware HKEY_CURRENT_USER\Software\Zugo\Toolbars\IE
09:00:51.300 Found Tracur Trojan C:\Windows\system32\custmon32.dll
09:01:29.275 Found Agent Backdoor, Trojan C:\Users\ctsuser1\AppData\Local\Temp\RarSFX0\winlogon.exe
09:01:32.844 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}
09:01:32.844 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\ProxyStubClsid
09:01:32.845 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\ProxyStubClsid32
09:01:32.845 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}\TypeLib
09:01:32.851 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}
09:01:32.851 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}\ProxyStubClsid
09:01:32.852 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}\ProxyStubClsid32
09:01:32.852 Found CouponBar Adware HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}\TypeLib
09:01:33.439 Found CouponBar Adware C:\Windows\CouponPrinter.ocx
09:04:05.381 End Scan

Summary:
Scan Duration: 0:04:56.665
Threats Detected: 14

IE working now but slow. Showing TRACUR TROJAN

http://www.bleepingcomputer.com/forums/t/434399/trojan-bnkwin32-keyloggergen/
Relevancy 68.8%

Here is a pic of what keeps popping up every so often. A side-effect of this trojan is it is posting obscene ads on every site that I go to; they all have to do with a male enhancement pill named 'Vimax Pills'. On step of the steps I wasn't able to install IE-Spypad.

HijackThis Logs ... Read more

A:Trojan-Spy.Win32.Keylogger.aa

Hello and welcome to TSF
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

========
Logs Required
log.txt
info.txt

If there is no response to this post within 72hrs, this thread will be closed.

http://www.techsupportforum.com/forums/f100/trojan-spy-win32-keylogger-aa-303863.html
Relevancy 67.94%

A few days ago I attempted to download a file which apparently was a trojan. I've since had issues with the firefox.exe process continuously running and receiving the "Firefox has stopped running" error. My ESET A/V identified "a variant of Win32/Olmarik.RJ trojan" and quarantined it. I've run Malwarebytes Anti-Malware 1.41 multiple times and it has quarantined/deleted the same 7 entries/files (log files available), but I still receive the firefox process error. I changed my default browser to IE8 and the problem has switched to the iexplore.exe process, so this problem is most assuredly a trojan. I need help in removing this one. I'm running Windows Vista Home Premium 64-bit SP1...thanks in advance for your time and help.

snpperhd
 

A:Win32/Olmarik.RJ trojan Trojan causing browser process to run continuously

bump
 

https://forums.techguy.org/threads/win32-olmarik-rj-trojan-trojan-causing-browser-process-to-run-continuously.882584/
Relevancy 67.94%

A few days ago I attempted to download a file which apparently was a trojan. I've since had issues with the firefox.exe process continuously running and receiving the "Firefox has stopped running" error. My ESET A/V identified "a variant of Win32/Olmarik.RJ trojan" and quarantined it. I've run Malwarebytes Anti-Malware 1.41 multiple times and it has quarantined/deleted the same 7 entries/files (log files available), but I still receive the firefox process error. I changed my default browser to IE8 and the problem has switched to the iexplore.exe process, so this problem is most assuredly a trojan. I need help in removing this one. I'm running Windows Vista Home Premium 64-bit SP1...thanks in advance for your time and help.

snpperhd

A:Win32/Olmarik.RJ trojan Trojan causing browser process to run continuously

Hello, please post the Malwarebytes log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Next run ATF and SAS:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account, download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop. DO NOT run yet.

Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan.
After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post logs and let us know how the PC is running now.

http://www.bleepingcomputer.com/forums/t/276041/win32olmarikrj-trojan-trojan-causing-browser-process-to-run-continuously/
Relevancy 67.94%

"trojan-bnk.win32.keylogger.gen" has infected my system. I have an HP laptop running Vista Home Edition. There are popups every few minutes claiming that my system has been infected by malware spyware and that I should activate some Vista security stuff. I have had problems running Internet Explorer as it keeps prompting me to activate the Vista stuff. I have not attempted to remove anything or run any type of scanning removal tools. I have McAfee Security running but it doesn't seem to detect the infection. Thanks for any help you can provide.

DDS results ... Read more

A:trojan-bnk.win32.keylogger.gen :: zidane21

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/forums/f100/trojan-bnk-win32-keylogger-gen-zidane21-477185.html
Relevancy 67.94%

I deleted all related files through Malwarebytes Anti-Malware but my computer is STILL infected. Also everytime I try to open internet explorer for the past year shady programs get downloaded onto my PC without my authorization. I switched to firefox but need IE for work. PLEASE PLEASE PLEASE help me fix this. Here is my log:

DDS ... Read more

A:HELP! "Trojan-Keylogger.WIN32.Fung "

Hello stang976,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
Click the "Download" button to the right.
At the Select Platform and Language for your download drop down box, select Windows and Multi-Language.
Check the box that says: "Accept License Agreement" then press Continue. (Selecting Windows will give you the 32 bit version.)
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

Post the last Malwarebytes log so I can see what it is finding.

http://www.bleepingcomputer.com/forums/t/231425/help-trojan-keyloggerwin32fung/
Relevancy 67.94%

I'm getting this virus called "Trojan-BNK.Win32.Keylogger.gen" which shows up through Win 7 Security 2012, obviously some stupid "trick" to get me to buy their thing. It's fancy though. It prevents me from opening ANY programs, including internet explorer, any antivirus programs, even my command prompt.

This is on my girlfriend's netbook. Can't install hijack this, problem persists even in safe mode. I get the same pop ups in safe mode saying my computer is at risk and can't open any programs. Any ideas guys? Safe mode with networking won't open anything either.
 

A:Trojan-BNK.Win32.Keylogger.gen (Can't Open ANYTHING)

Update: I managed to get ad-aware to run in safe mode, it found one threat and deleted/fixed it. I'm no longer getting the pop ups from the virus, however no programs will run now. I open internet explorer and it asks me what program I wish to open this file with. If I choose open iexplorer with iexplorer it asks me if I want to run or install it, neither work, and it repeats the process. I can't close the window as it continues to repeatedly prompt me. The same for system restore, which program would I like to open this file with? I tried installing hijack this, and it seemed to work until I tried to open it in which case it says the file cannot be found.
 

https://forums.techguy.org/threads/trojan-bnk-win32-keylogger-gen-cant-open-anything.1004208/
Relevancy 67.94%

Hello all, I am helping a friend fix her Windows bit machine that has picked up the fake Trojan-BNK.Win32.Keylogger.gen. It seems to react like the previous incarnations of the same bug. It does a fake scan, tries to get you to purchase the product, blocks access to firefox and iexplorer with ugly warning popups, etc. I'm also getting warnings that dll files are missing but I can not tell if they are real or something fake generated by the malware. I was able to run avast, which didn't detect it, but it was able to access the web to update the virus engine. I recently read that some malware removal aids do not work on bit systems, so before I followed the instructions found at My link I thought I should ask: Does rkill work on bit systems? At present I can not run exe files. I can not access the web via windows but can access from that machine using a live linux disc. I also have another machine and a couple of usb drives to work with. I'm a linux user so it's been an age since I dealt with this kind of difficulty, so please feel free to talk to me like I was a simpleton. thanks in advance -mystal

A:Trojan-BNK.Win32.Keylogger.gen 2012

You Don't need RKILL
Boot the PC to safemode with networking
Just ignore the rogue pop ups.
Copy malwarebytes on the infected PC.
Right click on malwarebytes installer
Select Run as administrator
Malwarebytes should start installing, updating and then click on SCAN
Good luck

http://www.bleepingcomputer.com/forums/t/435017/trojan-bnkwin32keyloggergen-2012/
Relevancy 67.94%

I am helping a friend remove this ugly bit of malware from her computer, however because it blocks access to the net I was unable to do all the things in the read this first post. I did run avast and it was able to update over the web but I can't navigate to anywhere for downloads. I do have access to another computer and some usb drives available. She is running Windows bit os. I noticed one of the programs listed in the read this first post does not work on bit systems. If someone can tell me how to get started on removing this nasty beastie I would be most grateful.

EDIT - I left out an important bit of information. I downloaded hijack this and dds to a usb and tried to run them on the infected computer but it is apparently not running exe files. It brings up a drop down box asking me to choose what application to use to open the files.

ANOTHER EDIT - I finally got hijackthis to run, log is below.

mystmaiden

Logfile of Trend Micro HijackThis ... Read more

https://forums.techguy.org/threads/trojan-bnk-win32-keylogger-gen-2012.1033326/
Relevancy 67.94%

Hi - I use windows with XP and after research used rkill and then scanned with malwarebytes, then rkill again and then scanned with Superantispyware. I can now get on internet using firefox and ie but now have balloon that pops up with msg from malwarebytes "successfully blocked access to a potentially malicious website" with assorted ip addresses about every seconds. The "type is outgoing". Not that computer savvy so appreciate your patience.

DDS ... Read more

A: trojan-bnk.win32.keylogger.gen infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435330 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GME...

http://www.bleepingcomputer.com/forums/t/435330/trojan-bnkwin32keyloggergen-infection/
Relevancy 67.94%

I started with trojan-bnk.win32.keylogger.gen. I thought I removed it but it randomly comes back. I run superantispyware and I have trojans, remove them, and two days later I have more. My computer used to shut down in seconds; now it takes about a minute. I search something on Google and open a link and I am re-directed to something else. Broni was quick to assist but said I have more issues that need more advanced help. I ran a bunch of tests and posted the logs for him and they are here at this link: http www bleepingcomputer com forums topic html page p fromsearch entry

He sent me here and gave me a guide to follow. He told me to start on step and then post everything. Any help would be so gratefully appreciated.

P.S. I had to skip step since I'm running Windows bit.

A: Started with trojan-bnk.win32.keylogger.gen

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434875 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GME...

http://www.bleepingcomputer.com/forums/t/434875/started-with-trojan-bnkwin32keyloggergen/
Relevancy 67.94%

My PC is running XP with SP3 and I am using Firefox. My browser has been hacked.

I have a keylogger trojan named:

Win32/sinowal.gen!R
and
Win32/sinowal.gen!S

I found out I had something on my computer when I tried to log onto my bank's website (Chase dot com) and was redirected to a page for me to put in all my account details. I didn't give them any details but I know there is something on my computer from running Windows Live Care One safety scan. It found what it called a keylogger trojan and said it cleaned it, but it didn't.

I ran Superantispyware and Trend Micro Housecall and they didn't find anything.
Also, when I tried to search for Kaspersky anti-virus program I am redirected to a fake page.

Any help with this will be greatly appreciated.
Thank you.
 

Relevancy 67.94%

Hi,
I recently have encountered the 'false' virus of Trojan-BNK.Win32.Keylogger.gen. I was wondering if anyone had any suggestions for removing it completely from my computer!? Thanks!!!

A: Trojan-BNK.Win32.Keylogger.gen Removal

Hello and welcome. We should run these and review the scan logs.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If Malwarebytes Anti-Malware results in any error messages, check the Help file's list of error codes within its program folder first. If you do not find any information, please refer to Common Issues, Questions, and their Solutions, Frequently Asked Questions. If the error you are receiving is not in the list, please report it here so the research team can investigate.

Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop .. DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer. When the machine firs...

http://www.bleepingcomputer.com/forums/t/304664/trojan-bnkwin32keyloggergen-removal/
Relevancy 67.94%

So I've got this Trojan-BNK.Win32.Keylogger.gen thing on my desktop. I've followed a tutorial that brought me to bleepingcomputer. It involved running rkill exe files, something or other, and I've tried a handful of other things such as:

Went back and did a system restore at a point about a week and a half ago.
Ran Malware bytes and Super Anti-Spyware. Neither found anything substantial.
Tried doing a fixexe reg that I found somewhere. Hasn't made a change.

I don't get that initial so-called windows security warning saying I'm infected anymore but things still aren't running right. At this point I can get my way around a few (very few) sites. But I can not get on any of the sites that I regularly surf (fantasy baseball, news sites, ebay, etc). I don't know if this is because these were the sites that were up initially when I got this trojan message. I don't know what's going on but I can't get back to surfing the web properly. I've tried restarting computer and turning off modem and router etc.

The thing that kind of also confuses me is that I am unable to get on these same sites on any of the other wireless devices in the house. Should it affect my other computers' abilities to access sites as well? I'm stumped. I can't figure out what's going on and what I need to do to fix this and get back to normal. Any ideas? PLEASE. Thanks

A: Trojan-BNK.Win32.Keylogger.gen (Can't shake it)

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NOTE: In some instances if no malware is found there will be no log produced.

http://www.bleepingcomputer.com/forums/t/412757/trojan-bnkwin32keyloggergen-cant-shake-it/
Relevancy 67.94%

Hi - I use windows 7 with XP and after research used rkill and then scanned with malwarebytes then rkill again and then scanned with Superantispyware. I can now get on internet using firefox and ie 7, but now have balloon that pops up with msg: from malwarebytes "successfully blocked access to a potentially malicious website" with assorted ip addresses about every 12 seconds. The "type is outgoing"

Would appreciate any help with resolving my issue.

Paradude

A: trojan-bnk.win32.keylogger.gen infection

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/435221/trojan-bnkwin32keyloggergen-infection/
Relevancy 67.94%

A friend of mine's laptop has a Windows Security Alert window popping up every few minutes stating suspicious software has been detected.
Name: Trojan-Keylogger.Win32.Agent
Risk Level: High
Description: Agent arpt is a Spyware program that records keystrokes, takes screen shot of the computer.

My friend stated he was on FaceBook when he became infected with this persistent popup.

Computer: Dell Vostro Laptop running WinXP SP, current on all patching. Running McAfee Total Protection Service, current subscription and current definitions.

Efforts:
McAfee Scan ran - Three items found, corrected. Deleted and rd identified in registry as Potentially unwanted Object HKLM\Software\Microsoft\Windows\CurrentVersion\Run systray, Threat Adware-Perfect gen - Detected but no further action taken by McAfee.
Installed and ran SuperAntiSpyware. Items were found, quarantined and deleted by me. Second scan ran which came back clean.
Installed Malware Bytes, items detected and removed - Cookies.

Afterwards Windows Security Alert is still popping up as described. I downloaded HJT onto the laptop and ran it. Here is the log file:

Relevancy 67.94%

I contracted this via a torrent download, I believe. I formatted the partition containing the Windows XP Home and reinstalled using the DELL OS reinstall disk provided with the machine, and proceeded with windows updates, service pack, security updates as well. I have not been getting the popups for "Windows Security Alerts" etc. AVG Free is installed but I am unable to uninstall; it fails due to an error. Adaware is also installed but disabled. I think at the time of the DDS Attach ComboFix was downloaded but never ran, and since been removed from the desktop. I have followed the instructions pertaining to posting; below is the DDS, and find Attach.txt attached.

A: Trojan-Keylogger.Win32.fung

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Kind regards
Net_Surfer

http://www.bleepingcomputer.com/forums/t/233596/trojan-keyloggerwin32fung/
Relevancy 67.94%

I was on my computer and the message appeared that I was infected with Trojan-BNK.Win32.Keylogger.gen, this program has been redirecting me to different web pages and not allowing me to utilize my computer. I had to go into safe mode to be able to get into certain sites, please help me remove.

A:Infected with Trojan-BNK.Win32.Keylogger.gen PLEASE HELP

Hello and welcome. Please follow these guidelines while we work on your PC:

* Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
* Please do not run any scans or install/uninstall any applications without being directed to do so.
* Any underlined text in my posts indicates a clickable link.
* If you have any questions at all, please stop and ask before proceeding.

Please download DDS by sUBs from one of the following links and save it to your desktop.
  DDS.scr
  DDS.com
  DDS.pif

* Disable any script blocking protection (How to Disable your Security Programs)
* Double click DDS icon to run the tool (may take up to 3 minutes to run)
* When done, DDS.txt will open.
* After a few moments, attach.txt will open in a second window.
* Save both reports to your desktop.

---------------------------------------------------

* Post the contents of the DDS.txt report in your next reply
* Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop.

* Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
* If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
* In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  IAT/EAT
  Drives/Partition other than Systemdrive (typically C:\)
  Show All (don't miss this one)
* Then click the Scan button & wait for it to finish.
* Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
* Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If you have trouble running GMER:
* Make sure that your security software is disabled
* Uncheck the box next to "Files" this time also
* If you still can't run it, try in the Safe Mode

Please include the following in your next post:
* DDS.txt and Attach.txt logs
* GMER log

http://www.bleepingcomputer.com/forums/t/438327/infected-with-trojan-bnkwin32keyloggergen-please-help/
Relevancy 67.94%

Hi there, I got the trojan-bnk.win32.keylogger.gen last week. I have downloaded Malwarebytes, STOPzilla and RKill. I ran them all and it helped, but not for everything. From the start menu most files are empty and the desktop has a blue screen, and I wanted to just run the system restore but it is disabled and won't run. If there is anyone with some suggestions, that would be great.

A:trojan-bnk.win32.keylogger.gen removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days. Failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Please download UnHide.exe by Grinler.
It will unhide folders/files that were set to be hidden by the infection you had.

NEXT:

This is a manual fix for XP users:

1. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
and paste it to this folder:
C:\Documents and Settings\All Users\Start Menu

2. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
and paste it to this folder:
C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
and paste it to this folder:
C:\Documents and Settings ...

http://www.bleepingcomputer.com/forums/t/403310/trojan-bnkwin32keyloggergen-removal/
Relevancy 67.94%

gmer.txt info.txt

This fake Windows Security popup keeps coming up. I haven't followed the links, I just close it. My Trend Micro software doesn't detect it. I ran the RSIT and GMER (see attached). How do I remove this thing? Is it really a keylogging program?

A:Trojan-Keylogger.Win32.Fung

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)

==========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Double click on combofix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.
* Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
* When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

===========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

===========
Logs Required
C:\Combofix.txt
Hijackthis Log

If there is no response to this post within 72hrs, this thread will be closed.

http://www.techsupportforum.com/forums/f284/trojan-keylogger-win32-fung-310718.html
Relevancy 67.94%

I am infected with Trojan-BNK.Win32.Keylogger.gen

Win 7 Antivirus 2012 has blocked a program from accessing the Internet.

Yes, activate Win 7 Antivirus 2012

No, continue unprotected (dangerous)

I also get a popup on the lower right: "Threat: Devices.2000" Do you want to block this attack (Yes / No)"

Please advise on how to continue.

A:I am infected with Trojan-BNK.Win32.Keylogger.gen

Have a look at here

http://www.bleepingcomputer.com/virus-removal/remove-vista-internet-security-2012

http://www.bleepingcomputer.com/forums/t/432299/i-am-infected-with-trojan-bnkwin32keyloggergen/
Relevancy 67.94%

Hello everybody, hope you can help me with this problem: multiple pop ups with fake Windows alert telling me I have a security problem. Here is my log.

A:Infected with Trojan-Spy.win32.keylogger.aa

Hello w66 and welcome to BC. Let's see what we can find.

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.

* Double-click ATF-Cleaner.exe to run the program.
* Click Select All found at the bottom of the list.
* Click the Empty Selected button.

If you use Firefox browser, do this also:
* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
* Click Opera at the top and choose Select All from the list.
* Close ALL Internet browsers (very important).
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

* Close ALL OTHER PROGRAMS.
* Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
* Do not change any settings.
* Now click the Run Scan button on the toolbar.
* Let it run unhindered until it finishes.
* When the scan is complete Notepad will open with the report file loaded in it.
* Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
* Close Notepad (saving the change if necessary).

Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt. I will review it when it comes in.

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/174194/infected-with-trojan-spywin32keyloggeraa/
Relevancy 67.94%

I'm hoping somebody here can help. A couple days ago a Windows Security Alert box popped up on my computer (running WinXP) asking if I want to block suspicious software named Trojan-Keylogger.WIN32.Agent, with a description of "Agent arpt is s Spyware programm that records keystrokes and takes screen shot of the computer". The Keep Blocking and Unblock boxes are grayed out and only the Enable Protection box is highlighted. I understand from my wife that she saw this box before I did and she thought it was real and clicked on the link at the bottom of the box that says "Click to download and activate protection". I have McAfee virus software running and after I saw this for the first time I ran spy-bot and ad-aware as well as trying to restore my computer to previous date. It appears none of these things helped because this box continues to pop up about every minutes. I click the X to close the box. Earlier this evening I ran HijackThis. Below is the log. Does anyone see something that I can attack to fix this problem? I appreciate the help.

Kevin

Here's the log

A:Trojan-Keylogger.WIN32.Agent

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards _temp_

http://www.bleepingcomputer.com/forums/t/231747/trojan-keyloggerwin32agent/
Relevancy 67.94%

On my home computer I have a virus or malware that prompts me to purchase IE 2012 Anti Spyware software. I am only able to access the internet thru Google Chrome, as the virus does not give me internet access on Mozilla or IE. This seems to be happening in both safe mode and regular mode. I tried downloading combofix, but when I click on "run" a security warning pops up. I also tried running trend micro pc housecall and when I selected "run" the same thing happened. I was also able to find where the affected files were located and tried to delete them, but it said I could not delete. It seems like I'm pretty hamstrung on getting rid of this. Please help!

A:IE/Mozilla:Trojan-BNK.Win32.Keylogger

Hello hansie,

I moved this to the Am I Infected forum for now.

What is your Operating system and antivirus?

Let's try this for now.

* Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
* Click the Connections tab and click the LAN settings option.
* Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)

Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.Next run Superantisypware (SAS): Download and scan with SUPERAntiSpyware Free for Home UsersDouble-click SUPERAntiSpyware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the Scanning Control tab.Under Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen.Back on the main screen, under "Scan for Harmful Software" click Scan your computer.On the left, make sure you check C:\Fixed Drive.On the right, under "Complete Scan", choose Perform Complete Scan.Click "Next" to start the scan. Please be patient while it scans your computer.After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".Make sure everything has a checkmark next to it and click "Next".A notification will appear that "Quarantine and Removal is Complete". 
Click "OK" and then click the "Finish" button to return to the main menu.If asked if you want to reboot, click "Yes".To retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click ... Read more

http://www.bleepingcomputer.com/forums/t/412302/iemozillatrojan-bnkwin32keylogger/
Relevancy 67.94%

Hello, I have a friend who was getting a false alert on her XP computer saying she is infected with trojan-keylogger.win32.agent and should send them money for software to remove. Obviously we know this is a scam, but I cannot figure out how to remove. So I killed the hard drive with Killdisk and performed a clean install. Well, here it is two weeks later and she is getting the bogus notice again. Does anyone know how to remove this specific infection? The only thing I can find on the web is advice to reformat. I don't wish to do that again if I can help it. Plus I don't like to think I am being defeated. Any specific knowledge out there? Thanks.

PS: I do have access to HJT school forums here at Bleeping Computer, even though I have been inactive in my studies lately. Just thought I would mention it in case there were removal instructions in those hidden forums.

A:trojan-keylogger.win32.agent

Hi Albert Frankenstein,

You can try MBAM first. Instructions:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/234814/trojan-keyloggerwin32agent/
Relevancy 67.94%

My computer is infected with some bad malware, but I don't know what it is. I got messages from a Microsoft-looking window saying I had a Trojan-Keylogger.win32.agent; the windows would not go away and something started downloading, which I closed. My browser has also been hijacked. When I try to search for the Trojan-Keylogger.win32.agent on Yahoo, my browser redirects me to another window. I am not too technical and I have been downloading some stuff off this web site. I did a Hijack this log which I will post, and perhaps you can give me some advice. Thanks

A:Trojan-Keylogger.win32.agent

Update,

Searching for information, I saw a thread about something that looked very similar to what my computer has:
http://www.bleepingcomputer.com/virus-remo...ivirus-pro-2009

I had scanned with an old version of Malwarebytes anti Malware, I downloaded a new version and it got rid of all kinds of bad stuff! Yay!

But there are two files which it says are infected but cannot get rid of, it says it will delete them after rebooting, but I tried several times and they are still there.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

I ran a new HiJack this log file, could you take a look?

Thank you!

http://www.bleepingcomputer.com/forums/t/239288/trojan-keyloggerwin32agent/
Relevancy 67.94%

OK So I am running windows Vista on a dell vostro 220 and I keep getting these dreadful Windows Vista Antivirus 2012 popups and alerts telling me to buy their fake software. Everybody on the web is saying download malwarebytes and the like then just rename the file before you install it but that doesn't work because it won't install. I can't seem to get rid of it. Can somebody please help me? I've seen posts for this before but this seems like a new version.

Seriously whoever helps me will receive the the JEREMIAH1 NO1. INTERNET TROUBLE SHOOTER AWARD!!!

Many thanks
 

https://forums.techguy.org/threads/trojan-bnk-win32-keylogger-gen-nightmare.1005508/
Relevancy 67.94%

I was infected with trojan-bnk.win32.keylogger.gen. I have run superspyware removal and it gets rid of it.....for a day. Then it is back. My computer is very slow also, I am guessing due to the infection. Before it would take about 10 seconds or less to completely shut down. Now it takes about a minute. If anybody can help get rid of this I would be very grateful.

Thanks

A:trojan-bnk.win32.keylogger.gen infection...need help

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
 * Main Mirror: This version will download a randomly named file (Recommended)
 * Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

http://www.bleepingcomputer.com/forums/t/433868/trojan-bnkwin32keyloggergen-infectionneed-help/
Relevancy 67.94%

Hello all you wonderful smart people at Bleeping Computer, who I have used many a time in the past for looking up nasties. I have an issue, big surprise. I am running a Dell Inspiron E laptop with Windows XP installed on it. Several days ago this annoying pop-up began appearing which said "Windows Security Alert - Name: Trojan-Keylogger.Win32.Agent - Risk Level: High - Description: Agent arpt is a Spyware program that records keystrokes, takes screen shots of the computer". I did some research before proceeding and came across a "Bogus" Windows Security alert from a year or so back with the same name, but instead of agent it was fung. I have no idea if this is related or not.

ANYWAY, after running MalwareBytes, Windows Defender, McAfee and the AdAware, all coming up clean except for AdAware, which removed some trojans, I restarted the machine and the little bugger came back. Unsure how to proceed from there, I disabled my internet and did a system restore to about days before the incident. After that the pop-up was gone; however, McAfee's Virus-scan was damaged in the process. I researched this and found that it was common for this to happen after system restores, and so I went to McAfee's site, downloaded their client and properly uninstalled McAfee, and then installed and updated Avast. After all this I ran an Avast Scan, which removed trojan keyloggers, and then adaware, which came up clean.

Is this a viable fix for the issue at hand? Or is it recommended I post a hijack this log to be sure? Just want to make sure everything is hunky dory and all that.

PS: if it would be helpful, I screen capped the alert window if you'd like to look at it. Thank you in advance for any assistance.

A:Pop-up with "trojan-keylogger.WIN32.agent"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/234405/pop-up-with-trojan-keyloggerwin32agent/
Relevancy 67.51%

Referred from here http www bleepingcomputer com forums t help-win kryptikbat-trojan-cant-remove OB

Hi, I have been in the process where one of the team had tried to help me remove the virus, but he referred me to this as he can't do it. NOD32 keeps popping up saying I have Win32/Kryptik.BAT trojan. When scanned it can't be found. I have attached the image of what it says on NOD32 quarantined. Also I have attached the ATTACH EXE file on the DSS scan and posted the DSS results and RootRepeal results.

When I enter Internet Explorer it keeps saying Internet Explorer needs to be shut down, but when clicked OK it stays open for some strange reason. It also keeps sending me to FAKE antivirus websites via Internet Explorer. Also the computer is slower than usual but still quick. Now and again it pops up saying "The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion", which I don't know if is anything to do with it.

Any more information, please ask. I hope you can help, guys. It's P ing me off. Thanks (Y)

A:HELP!! Win32/Kryptik.BAT Trojan CANT REMOVE!!!!!!!, Trojan Dectated My NOD32 Cant remove

Hi team. Sorry, but I couldn't wait any longer, it was just trashing my system, so I reset Vista with a new copy. Cheers for help anyway (Y)

http://www.bleepingcomputer.com/forums/t/275444/help-win32kryptikbat-trojan-cant-remove-trojan-dectated-my-nod32-cant-remove/
Relevancy 67.08%

This is my first post and I do not know what I am doing. Would someone please help me remove this trojan from my computer?
 

https://forums.techguy.org/threads/trojan-keylogger-win32-fung-on-my-computer.765596/
Relevancy 67.08%

Hi,

For the last few hours I've been getting that annoying popup about this trojan which I'm sure those who are familiar with it know what I'm talking about.

I've been all over the net trying to get help on how to remove it, I even got Malwarebytes' Anti-Malware which was recommended but it didn't get rid of the problem.

I know the files I need to remove are:
%UserProfile\Application Data\Google\sccmsk.dll
%UserProfile\Application Data\Google\mupd1_2_1165664.exe
%UserProfile\Application Data\Google\mupd1_2_1711951.exe

But Vista being Vista I cannot locate these annoying things anywhere, can't find them in the registry or by searching my computer, they don't even appear to be running in the processes.

Could somebody please help me???

Thank You very much
 

A:Trojan-Keylogger.Win32.fung on Vista

http://forums.techguy.org/malware-r...765274-trojan-keylogger-win32-fung-vista.html

Please do not duplicate post. It's only been a couple of hours since your first post.

Also, please review the very first thread in this section so you will know how this forum works. You didn't post a Hijack This log to your thread.
 

https://forums.techguy.org/threads/trojan-keylogger-win32-fung-on-vista.765321/
Relevancy 67.08%

I keep getting the following pop up every minutes or so:

"Windows Security Alert. To help protect tour computer Windows Freewall has blocked activity of harmful software. Do you want to block suspocious software? Name: Trojan-Keylogger.WIN32.FUNG. Risk Level: High. Description: Fung is a Spyware program that records keystrokes and takes screen shots of the computer."

I have a picture of this problem I already attached with this topic.

A:problem with trojan-keylogger.win32.fung

Hello -

I don't think you read the pre-posting instructions which koala linked you to completely.

http://www.techsupportforum.com/secu...oval-help.html


Quote:




3. Uninstall the following via Add or Remove Programs in Control Panel:

* If you have more than one antivirus software installed, leave only ONE and uninstall the others.

* p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link




You have 2 AntiVirus, AVG8 and Avira, and Limewire. Please uninstall one AntiVirus, and Limewire.

Once you've done so, run RSIT once again, using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK:
"C:\Documents and Settings\ir8clan\Desktop\RSIT.exe" /info
Click on Continue.

Post the two logs produced.

http://www.techsupportforum.com/forums/f100/problem-with-trojan-keylogger-win32-fung-307659.html
Relevancy 67.08%

Hi,

For the last few hours I've been getting that annoying popup about this trojan, which I'm sure those who are familiar with it know what I'm talking about.

I've been all over the net trying to get help on how to remove it. I even got Malwarebytes' Anti-Malware, which was recommended, but it didn't get rid of the problem.

I know the files I need to remove are:
%UserProfile\Application Data\Google\sccmsk.dll
%UserProfile\Application Data\Google\mupd1_2_1165664.exe
%UserProfile\Application Data\Google\mupd1_2_1711951.exe

But Vista being Vista I cannot locate these annoying things anywhere, can't find them in the registry or by searching my computer, they don't even appear to be running in the processes.

Could somebody please help me???

Thank You very much
 

A:Trojan-Keylogger.Win32.fung on Vista

Sorry for the duplicate, I am not sure what a Hijack this log thing is so I didn't post it.
 

https://forums.techguy.org/threads/trojan-keylogger-win32-fung-on-vista.765274/
Relevancy 67.08%

Hi everybody. Yesterday I had a Trojan-Keylogger.WIN32.Fung on my computer. I searched the logs on this site and ended up with the instructions how to remove it. Now I ran Adaware, Spybot and Malwarebytes several times, and the Trojan seems to be gone, as the message does not pop up anymore and no other infections are indicated. However, I'm not very familiar with these kind of problems and would like to be sure. Maybe some expert can have a look at the Hijack file, please.

A:Trojan-Keylogger.WIN32.Fung removed?

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

* Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
* If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
* Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
* Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. If for some reason you cannot complete this scan, skip it.

This scan is for Internet Explorer Only.

* If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
* Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
* Open the Kaspersky Scanner page.
* Click on Accept and install any components it needs.
* The program will install and then begin downloading the latest definition files.
* After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
* This will start the program and scan your system.
* The scan will take a while, so be patient and let it run.
* Once the scan is complete, click on View scan report.
* Now, click on the Save Report as button.
* Save the file to your desktop.
* Copy and paste that information in your next post.

You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

Save Uninstall List with HijackThis

* Double click the HijackThis icon on your desktop.
* If you see a while screen, click Main Menu at the middle bottom of the window, otherwise move onto the next step.
* Click Open the Misc Tools section.
* Under System tools, select Uninstall Manager....
* Near the bottom right, click Save list... and save uninstall_list.txt onto your desktop.
* Close out of HijackThis.
* Post back with uninstall_list.txt.

Post back with:
-the Kaspersky log
-the uninstall list
-a new HijackThis log

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

http://www.bleepingcomputer.com/forums/t/177964/trojan-keyloggerwin32fung-removed/
Relevancy 67.08%

Hey everyone!
My problem is that I think I have the Trojan keylogger Win 32 Fung, but I cannot locate it by searching manually or by using SpyHunter.

I still get those annoying popups. Since I can't find it there is no need to follow the removal instructions that contain mixing with registry keys. (?)

My log is attached.
Anyway, I hope someone will be able to help me.

Thanks in advance

// Christoffer
 

https://forums.techguy.org/threads/cannot-locate-trojan-keylogger-win32-fung.766662/
Relevancy 67.08%

Hello,
I recently removed a Trojan using anti-malware removal and I'm pretty sure that the Trojan is removed successfully because no more pop outs show up that ask me to download Windows XP antivirus, which is fake. However, now I am unable to connect to the Internet from my desktop. The router and modem are connected successfully but no Internet to my desktop. I've been reading other posts and nothing has helped. I've had this problem for 2 weeks and I can't fix it! Please help!!! (I am posting this thread through my iPhone)
 

A:Can't connect to Internet after Trojan-bnk.Win32.Keylogger.gen

Ditto. And I tried to follow someone else's exact steps, but can't get on the web with my PC.
 

https://forums.techguy.org/threads/cant-connect-to-internet-after-trojan-bnk-win32-keylogger-gen.1032737/
Relevancy 67.08%

Hello all. I found a trojan this morning running Malwarebytes, and another last week on Avast. I have been having problems with popups telling me my computer is infected and I need to download a programme. I didn't, although my wife nearly did. I have run both Kaspersky and DSS and will post them below. I also have a problem with my task manager: I can open it, but the toggle bar at the top has disappeared and I can only see one page of all the programmes running. The CPU also tends to run at a very high rate. I have run a defrag, although it did say beforehand that I didn't need to. Below are the DSS and then the Kaspersky. Many, many thanks in advance. mps

Ooops, the Kaspersky log was too long to post; will post if required. The infected files were these:

System Volume Information restore CC-FEB - - EA -B EBD D D RP A exe stream data Infected not-a-virus AdWare Win NaviPromo cc skipped
C System Volume Information restore CC-FEB - - EA -B EBD D D RP A exe stream Infected not-a-virus AdWare Win NaviPromo cc skipped
C System Volume Information restore CC-FEB - - EA -B EBD D D RP A exe NSIS infected - skipped
D:\Documents and Settings\nelly\Bureau\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

A:Trojan Found Win32.trojan.killproc.process.exe

Hi,

D:\Documents and Settings\nelly\Bureau\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

Reboot.exe is OK. It's a command line tool, as a part of Smitfraudfix. Actually, you may remove the Smitfraudfix folder present on the desktop of the account called Nelly.

For the other entries that were found, flush your system restore points. To do this, you have to disable systemrestore and enable it afterwards again. (note: this will delete all your system restore points and malware that were present in it).

How to disable system restore in XP <= click me for instructions with screenshots

After you disabled System Restore.... Reboot.. and after rebooting, enable it again, so a new systemrestorepoint will be made. A clean one now!

Let me know if that solved your problem.

http://www.bleepingcomputer.com/forums/t/143838/trojan-found-win32trojankillprocprocessexe/
Relevancy 67.08%

Depending which program I run, I get messages that I have a virus. Trendmicro is my antispyware software, and it first notified me that I had a virus. My computer had been working fine, maybe a bit slowly.

Infected file: C WINDOWS system hgjTuBeg ini, Virus name: Possible VundoG
Infected file: C WINDOWS system frnyixou ini, Virus name: Possible VundoG
Infected file: C WINDOWS system hgjTuBeg ini

Then I ran some more scans with other programs and got this:

Trojan Agent Gen-MSFake: C I MSVCRT DLL, C WINDOWS NTSERVICEPACKUNINSTALL MSVCRT DLL
Trojan Dropper Gen: C WINDOWS EMFK EXE

and this:

Summary: Trojan Dropper Gen Process. Company: Unknown. Description: Trojan Dropper Gen Process. Threat Level: - Processes: XBQMFSED EXE

and this:

threat name: trojan.win32.vapsup

I am not super familiar with how all this works, but I think this is what you need for my hijack this log, I hope.

https://forums.techguy.org/threads/need-help-getting-rid-of-trojan-win32-vapsup-and-or-trojan-dropper-gen-process-and-or.837561/
Relevancy 66.65%

Hi, I recently uninstalled a program that my ex installed on my PC, invisible keylogger. The problem is, regardless of the fact that I have removed the program from ADD/REMOVE, there is still stuff left behind in memory, apparently. Ever since I discovered this installation, the Mozilla Firefox browser won't open; it crashes every time I try to open the browser. I have uninstalled Mozilla and reinstalled on two occasions and it still crashes. I want my bookmark back; I'm really worried here. Also, my PC is running too slowly, so that I can't even run Spybot since it runs too slow. I waited over an hr and the scan hardly progressed. I'm using AVG Free; even though I can use Norton, I prefer AVG. AVG found the keylogger trojan and could not completely heal, so everything went into the virus vault. I deleted everything in there. I did another scan and no infections found. My PC is still infected by this keylogger program because nothing has changed; it's too slow. Internet Explorer randomly crashes now and takes forever to open the browser. I am afraid my PC will crash if I don't get assistance on how to clean this crap out. I have only week to do this because I have school work that I need to submit saved on Word, and if anything happens to my saved work I'm screwed. Word has also crashed while I was typing out some work, and it repaired my work, and now I'm worried about something happening before I get a chance to complete my project on Word, which is over pages. Any help would be great. I can even download a HijackThis log if anyone is willing to help me out. I will gladly make a donation for help.

A:how to remove keylogger/trojan

My PC is running too slow and my Firefox Mozilla browser will not open; it keeps crashing when I try to open the browser. I have even tried starting Mozilla in safe mode and disabled all add-ons, still with no luck.

Ever since I discovered this program called invisible keylogger on my PC, I noticed all my PC problems. My ex installed the keylogger on my PC. I have since uninstalled the keylogger program, but I believe there is still stuff left behind on my system in the registry causing problems and I don't know how to edit the registry safely.

Can someone please help me figure out why my Mozilla browser keeps crashing when I try to open it up? This happened ever since the keylogger program was installed on my PC. Even after removing the keylogger my PC is running slow and weird things happened, such as random IE not responding, and it opens up way too slowly. Also, while I was working on Word, Word suddenly had to close because of a crash and it repaired what I was working on. Something also popped up about memory usage at one point in the system tray; that never happened since though.

Any help would be great on how to fix Mozilla; it contains all my valuable bookmarks. I finally got Spybot to work after doing an upgrade. But it scanned clean!? I don't understand. When I used a free version of Spyware Dr it showed that I was infected with perfect keylogger and rogue something, but it tried to ask me to pay to get the full software to remove the infected files. Any help please. I know my system has something wrong with it, but both AVG and Spybot say I'm clean?

Please help before it's too late. I will be happy to donate some money to your site if anyone can help fix this.
 

https://forums.techguy.org/threads/how-to-remove-keylogger-trojan.767567/
Relevancy 66.65%

Can anyone help me get rid of this trojan??

I cannot get onto internet at all.

Really driving me insane...

http://www.bleepingcomputer.com/forums/t/404156/how-tto-remove-trojan-bnk-win-32-keylogger/
Relevancy 66.22%

I have a Windows Security Alert box pop up every time I use the internet and randomly while I'm on the web. It always says something about a Trojan-spy.win32.keylogger.aa or Trojan-spy.win32.bankfraud.aa, the only option it gives is to "enable protection." But that only takes you to a website to download a fake anti-spy program. Anyone know how to get this off?

A:Windows Security Alert - Trojan-spy.win32.keylogger.aa

Hi hawks32,

Two things: First, the infection Trojan-spy.win32.keylogger.aa is a key logger. It looks for certain keystrokes and then emails them to its originator. It is designed to look for financial information. If you do on-line banking, or other financial transactions on this computer, please contact those institutions immediately and check to see if your accounts have been compromised. Here is the write up I found via Google: Trojan-Spy.Win32.KeyLogger.aa

Second, I noticed you have an open HJT log. You should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.

http://www.bleepingcomputer.com/forums/t/165324/windows-security-alert-trojan-spywin32keyloggeraa/
Relevancy 66.22%

I have a virus that pops up and says Windows Security Alert and trojan-spy.win32.keylogger.aa or trojan-spy.win32.bankfraud.aa and a few others. The only thing it lets you click on is "enable protection". That screen then takes you to a site that offers some virus removal software. Please help. Here is my hijack this log.

A:Windows Security Alert And Trojan-spy.win32.keylogger.aa

Hello Hawks32 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here.
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).

The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, and you're notified a more current version is available, please download the latest version as described in the tutorial. It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/165308/windows-security-alert-and-trojan-spywin32keyloggeraa/
Relevancy 66.22%

I have the same problem that hawks had on August th, but mine started showing up yesterday on a fake Windows Alert for Trojan-Spy Win Keylogger aa. I know it is fake by the block and unblock were grayed out. Now how do I get rid of this?

I have systematically been trying to fix this box since the 25th that started with the joke.blushod. I have downloaded and researched everything to get rid of the first one including malware. It did get rid of it at first then showed back up yesterday with a lot more. I ended up buying Kaspersky Internet got rid of some of the problem. Then Spyware Detector got rid of some more. The windows XP automatic update is failing due to requesting MicroSoft Professional location for FrontPage even though this is Windows XP Home Edition. I then ran sdfix, which finally grabbed the identified exe for joke.blushod and deleted.

I then ran combofix. But after combofix ran norton did not come back even after a reboot though Kaspersky's is back up. I don't know how to interpret the combofix log and since the fake windows alert is still happening and the windows updater won't work I am assuming that I cleaned up more ... but still not all.

I would appreciate any help I can get to fix this issue, as one of the windows updates was to fix a security breach. Please help, as I know this box is infected with more and I have three other computers on this home network and want to protect them.

A:Windows Security Alert - Trojan-spy.win32.keylogger.aa

Block and unblock were grayed out on what? Kaspersky virus warning?

"I have systematically been trying to fix this box since the 25th that started with the joke.blushod. I have downloaded and researched everything to get rid of the first one including malware. It did get rid of it at first then showed back up yesterday with a lot more."

Would like a little more data here. What programs did you download and run to try and get rid of the joke BSOD?

"I then ran combofix. But after combofix ran norton did not come back even after a reboot though Kaspersky's is back up. I don't know how to interpret the combofix log and since the fake windows alert is still happening and the windows updater won't work I am assuming that I cleaned up more ... but still not all."

Running combofix without experience with it is VERY dangerous to your system. There is a warning at the top of your post in big bright blue letters:

"When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."

AND FINALLY, to get rid of the win32.keylogger.aa, try this:

1. Download Malwarebytes' Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install.
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
5. Click "Finish." Program will run automatically and you will be prompted to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on "Show Results".
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.
10. Post the MBAM log in your next reply.

http://www.bleepingcomputer.com/forums/t/165870/windows-security-alert-trojan-spywin32keyloggeraa/
Relevancy 66.22%

Thunder, I ALSO have a virus that pops up and says Windows Security Alert and trojan-spy win keylogger aa or trojan-spy win bankfraud aa and a few others. The only thing it lets you click on is enable protection. That screen then takes you to a site that offers some virus removal software. I'm not sure if I should be doing the same instructions that were given to hawks on August th under the same title, but I have cleared my caches and temp files and generated my logs. Thank you in advance for any help.

... Read more

A:Windows Security Alert And Trojan-spy.win32.keylogger.aa

Hello and welcome to BC...

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

http://www.bleepingcomputer.com/forums/t/167011/windows-security-alert-and-trojan-spywin32keyloggeraa/
Relevancy 66.22%

Hi. Can someone give me an easy fix to removing this trojan keylogger?

A:found on my pc need removal instructions "trojan-bnk.win32.keylogger.gen "

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
A detailed description of your problems
A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/404060/found-on-my-pc-need-removal-instructions-trojan-bnkwin32keyloggergen/
Relevancy 66.22%

Hello, I keep receiving a pop up message which I assume is fake: "Windows Security Alert" "Name Trojan-Keylogger WIN Agent". It gives me the option to click a button if I want to "Enable Protection". At first my computer seemed to be running hard so I opened up the task manager to see what was running and QTTask.exe was running and I could not end task. I tried downloading a couple of anti-virus software packages and I was able to remove some infected files in safe mode but it has not resolved my problem. Currently the pop up message continues but the QTTask.exe is no longer running. I now have internet access and the computer is working a little faster. Please help, I have no idea what I am doing. Thank you.

... Read more

https://forums.techguy.org/threads/trojan-keylogger-win32-agent-pop-up-message-computer-take-over.841098/
Relevancy 66.22%

Approximately - days ago I started receiving a message across the screen every mins or so. It looks like a Windows Firewall alert message, but I noticed that a few words in the display are misspelled, like Your as in "your computer" is spelled Tour and instead of Firewall it says Frewall. The alert tells me that I have a Trojan-Keylogger Win fung virus or spyware worm and that it will take screenshots and keylog my info. I'm getting pissed. It keeps popping up and I have no idea what to do. I have run Avira and SpyBot but nothing.

It reads like this:

Windows Security Alert
To help protect tour computer Windows Frewall has blocked activity of harmful software. Do you want to block suspocious software?
Name: Trojan-Keylogger WIN FUNG
Risk Level: High
Description: Fung is a Spyware program that records keystrokes and takes screen shots of the computer

So I followed some instructions and created this scan(s). Hope this helps.

... Read more

A:trojan-keylogger.win32.fung...What the heck is this and how do I kill it?

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Using Internet Explorer, Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.


While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.
See this link for a tutorial


Double click on combofix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Click on Yes, to continue scanning for malware.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus application is re-enabled. A reboot should have done this.

Open HijackThis (C:\Program Files\trend micro\hijackthis.exe) and click on 'Do a System Scan and save a Logfile'. Save the log file and post it he... Read more

http://www.techsupportforum.com/forums/f100/trojan-keylogger-win32-fung-what-the-heck-is-this-and-how-do-i-kill-it-307823.html
Relevancy 65.79%

Tech Support Guy System Info Utility version OS Version Microsoft Windows XP Professional Service Pack bit Processor Intel R Pentium R D CPU GHz x Family Model Stepping Processor Count RAM Mb Graphics Card RADEON X SE MB HyperMemory Mb Hard Drives C Total - MB Free - MB Motherboard Dell Inc HJ CN B Antivirus McAfee Anti-Virus and Anti-Spyware Updated Yes On-Demand Scanner Enabled

My computer knowledge: beginner-novice. I also have active Windows Defender, but it's been affected by this current problem. Noticed Windows Updates is nowhere to be found in the services msc menu; seems like it used to be there before, but all other Windows categories appear and look appropriately set there.

Symptoms: This problem became apparent around hours ago when this virus "XP Anti- Spyware Trojan-BNK Win Keylogger gen" appeared. The scare pop-ups stating my computer was infected and needs their service now. The fake red Windows icon appeared on my system tray on the bottom right of my desktop. I never clicked on any part of their pop ups icons. Just halted the processes via Windows Task Manager. I did McAfee Security Center Scans. The first one right after this started, which showed infections. But the pop-ups continued. Did the second McAfee scan yesterday and it showed to have identified and corrected two issues. This second scan stopped the pop ups and the false Windows Alert icon in the system tray.

After the second McAfee scan seemed to clear up the problem, I ran a Secunia OSI complete scan, which resulted in scan error; it was unable to check for Windows updates. I was able to download needed Java updates but had trouble with needed Adobe Flash Player updates. I then tried to download updates directly from the Microsoft Windows Update site, but the process halted and gave Windows Update error x "The website has encountered a problem and cannot display the page you are trying to view". I Googled and found a supposed common fix to correcting this Windows Update Error number x, which is START, then in Run box type in exactly SYSTEMROOT SYSTEM REGSVR EXE SYSTEMROOT SYSTEM WUAUENG DLL. I tried to run this as instructed and instead of executing the command, up popped the Windows box "Open With-Choose the program with which you want to open this file".

I'm having problems related with the Windows OS. I've been unable to open run exe programs using normal procedure. Instead of Windows running them I get Windows box "Open With-Choose the program with which you want to open this file"; seems to only happen while trying to open exe files. Also when I try to open certain categories in my Control Panel (Add Remove Programs, System Info, Security Center, etc.) I get the "C Windows System Rundll exe application not found" message box. When I try to open new Word, Excel, Outlook Microsoft Office programs from All Programs via the Start button I get the message box "Application Not Found". As time went on my system became slower and additional symptoms started to become noticeable: system tray dimmed grayed out and unable to open any item on the left side of the start menu.

This exe problem was preventing me from providing you with a HJT and GMAR logs or running a Malwarebytes Anti-Malware scan. I was able to download their programs but when I try to run the scans I get the Windows box "Open With-Choose the program with which you want to open this file". But then I figured out a way around this problem by right clicking on these exe programs and instead of clicking on Open I clicked on Run As and it ran the program. This allowed me to run a Malwarebytes Anti-Malware scan which resulted in Memory Processes Infected Memory Modules Infected Registry Keys Infected Registry Values Infected Registry Data Ite... Read more

Relevancy 65.79%

Hello, I recently used the very helpful guide on the home page of this site to remove the fake windows security popup alerts and the associated viruses. My computer has worked great for about a week, but then today suddenly my computer exploded with a number of "warnings" and pop-ups claiming my computer was infected. One particular warning showed up as a pop-up balloon on the bottom right telling me my virus protection was out of date etc. Words were misspelled in the warning, indicating to me it was clearly another virus.

I'm running SUPERAntiSpyware Free edition on the infected computer right now and it has found over threats including at least seven variations of trojans. These were certainly not on here a week ago when I ran this scan for the initial problem. Something tells me that even though I ran SUPERAntiSpyware and Malware-bytes the last time, something still remained. Could this possibly be hiding in my system restore? About the only thing I've seen that could explain the issue is the need to toggle System Restore on and off after cleaning a system. I'm a bit leery of doing this. Should I try restoring to a point three weeks ago before all these problems occurred? Would that possibly take me back to a "clean" system? Or should I trust the virus scans and malware removals that tell me my system is clean and just delete all my old system restores and start fresh?

I'd appreciate any advice/help someone can provide. If someone is willing to take a look at my logs I'd appreciate that too.

Thanks,
David

http://www.bleepingcomputer.com/forums/t/178886/removed-trojan-keyloggerwin32fung-but-now-more-trojans-are-on-my-computer/
Relevancy 65.36%

Mod EDIT: Moved to proper forum: Virus, Trojan, Spyware, and Malware Removal Logs

Hi, I got infected by a backdoor malware and don't really know how to remove it. I saw some process you did with others helping them to remove, so I installed the Hijackthis and got the following details. Hope you can assist. Thank you. Here are the details:

... Read more

A:HELP!! How to remove backdoor trojan win32/rbot.gen and win32/harnig

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having, as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-click on dds.scr and a command window will appear. This is normal.
Shortly after, two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

Scan With RKUnHooker

Please download Rootkit Unhooker and save it to your desktop.
Extract RKUnhooker to your desktop.
Note** it is zipped up in a .rar file - if you do not have a program to unzip this type of file you can get a free one from here - http://www.7-zip.org/
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning; it is OK, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:
1. logs from DDS
2. log from RKUnHooker
3. let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/364457/help-how-to-remove-backdoor-trojan-win32rbotgen-and-win32harnig/
Relevancy 64.93%

My thread was closed and I was told to follow the new instructions, which I had read already. I am using Windows Vista 64-bit and DDS is not compatible with this OS. I did a GMER scan, only being able to select the three default options, and results turned up with zero results and no log. Here is the original message for review, unless there is another set of instructions for 64-bit users:

I have been testing a small application called Alpha Blender which enables me to set windows transparency case to case. I originally did a single file scan on Bit Defender and Kaspersky and both came up with clean results. However, I just used TotalVirus file scanner and it came up with the results below:

http://www.virustotal.com/analisis

Do these results mean that I do in fact have a keylogger on my system tracking my strokes? I am using BlackViper tweaks minimum config so I know it may have helped. Just need insight on whether or not my passwords may be compromised. I have attached an HT log for review. If any more information is needed I can help.

A:Windows 64bit - Virus.Win32.FileInfector.gen / Trojan.KeyLogger.origin

Hi,

Quote:

Do these results mean that I do in fact have a keylogger on my system

No, not necessarily.

Programs often do not produce the desired results on 64 bit systems.

Let's do a couple of scans to make sure you are clean.


Please do the following:


As a Vista user I will require that all the programs I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programs may fail to operate correctly


Download OTS to your Desktop.
Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Check the box that says 64 bit
Under Additional Scans check the following:
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)

Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.


NEXT

Please download Malwarebytes' Anti-Malware.
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

http://www.techsupportforum.com/forums/f284/windows-64bit-virus-win32-fileinfector-gen-trojan-keylogger-origin-389784.html
Relevancy 64.5%

Hey guys, I had a customer today who stated that all she went to was a website to get a Halloween picture and wound up with more spyware items than I could count. I wound up running Super ANTISpyware as well as Spybot S&D; both times I was able to remove a lot of the problems. Also, after running Spybot the first time I did note that it did suffer from a joke BSOD (someone posted about it a little while ago) which was just a screen saver. Also, another symptom that they had was they were unable to change their background, as it removed the desktop tab; it changed the background picture to an ad promoting the download of a spyware remover. She was also initially unable to access the taskmgr either. While I believe I had removed most of it, I know there still seems to be a good deal left on the system. Here is a copy of the HiJackThis Log. Thanks

http://www.techsupportforum.com/forums/f284/fake-bsod-security-popup-trojan-win32-keylogger-aa-numerous-other-issues-299954.html
Relevancy 64.5%

I recently bought a new laptop and after a couple of weeks decided to do my first spyware/virus check. When using the Yahoo antispy program it is coming up with items that need removal - Dowritn AF and email spy monitor. These may have been downloaded when I added some programs stored in my back up hard drive from my last laptop before it died. When trying to remove them using Yahoo antispy I get the message "Cannot quarantine - administrative rights may be required to quarantine this item". I am the administrator, I am the only one using the computer, and always open programs with "run as administrator". I have looked around for info on Dowritn AF and there is very limited info, and it appears none to assist in removal. Email spy monitor seems to be a generic term and I can't find anything on this one to assist in removal. I can't remove them automatically because, strangely, they don't show up when I use any of the many other anti spyware/antivirus programs I have at hand. I have tried using the following programs: Webroot Spy sweeper, AVG, Exterminate it, Spybot search and destroy, Super antispyware, Avast, Malware bytes anti malware. Can anybody help please?

A:Can't Remove This Keylogger And Trojan (dowritn Af And Email Spy Monitor)

Did Yahoo antispy provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system? If no malware is being detected by all your other security scans, then you may well be dealing with a "false positive".

http://www.bleepingcomputer.com/forums/t/157041/cant-remove-this-keylogger-and-trojan-dowritn-af-and-email-spy-monitor/
Relevancy 62.78%

A couple of days ago I got a trojan virus on my computer and I have no idea how to remove it. I use avast antivirus and got the software needed - I think - such as CWShredder, Hijack This v and XoftSpy v. But I don't know how to use them. Please give me any advice. THX [email protected] This is my log file if needed.

A:Solved: How Do I Remove A Trojan Virus Named Win32 Trojan-gen Off My Computer!!!

Hi Darekk1982

Welcome to TSG!

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL

O4 - HKLM\..\Run: [Konfigurator] C:\WINDOWS\mxx.exe --start

O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then go to View > Folder Options. Click on the "View" tab and make sure "Show all files" is ticked and uncheck "Hide file extensions for known file types". Click "Like Current Folder" then click "Apply" then "OK"

Now find and delete:

The C:\PROGRAM FILES\COMMON FILES\CMEII folder
The C:\Program Files\PrecisionTime folder
The C:\WINDOWS\mxx.exe file
Go here and download Adaware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

Make sure the following settings are made and on -------ON=GREEN

From main window :Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.
Then go here and download Spybot Search & Destroy.

Install the program and launch it.

Before scanning press Online and Search for Updates .

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.
 

https://forums.techguy.org/threads/solved-how-do-i-remove-a-trojan-virus-named-win32-trojan-gen-off-my-computer.224610/
Relevancy 62.35%

OK HERES MY PROBLEM I HAVE A TROJAN VIRUS ON MY COMPUTER I HAVE NO IDEA OF HOW I GOT THERE. ITS BEEN DETECTED ON MY COMPUTER AND I HAVE BEEN TRYN ALL WEEKEND TO REMOVE IT FROM MY COMPUTER. I REALLY DONT CARE IF I HAVE 2 REMOVE IT MANUALLY OR BY SOFTWARE I REALLY WOULD LIKE 2 REPAIR IT MANUALLY RITE CAUSE I DONT HAVE NE MONEY 2 BUY SOFTWARE 2 FIX IT RITE NOW!!!!! SO IF ANY ONE CAN HELP ME CONTACT ME BY EMAIL AT [email protected]

THANKS 4 THE TIME
 

A:How Do I Remove A Trojan Virus Named Win32 Trojan-gen Off My Computer!!!

https://forums.techguy.org/threads/how-do-i-remove-a-trojan-virus-named-win32-trojan-gen-off-my-computer.215495/
Relevancy 60.2%

Hi, here is my problem. Every time I download some movies or other things by opening my computer overnight, it must pop out an error window said - C:\Documents and setting\KkianN\Desktop is not accessible. Not enough quota is available to process this command. The icons only left on my screen were My computer, my network places and Internet explorer. When I refresh my computer it came out the same message again. This problem occurred when I opened my computer overnight by using Thunder, this software, to download things. When I tried to shut down, a message said: You do not have permission to shut down this computer. When I tried to use windows task manager to shut down, once I click Ctrl Alt Del an application error message came out said - This application failed to initialize properly xc d. Click on OK to terminate the application. Then I just can reset my computer.

Actually I have posted in BleepingComputer.com > Security > Am I infected? What do I do? there. Then I followed the instruction in "Preparation Guide For Use Before Posting A Hijackthis Log". Unfortunately I can't finish all the steps there. For step I can't remove win32.generic.pws, win32.trojan.psw.delf and Win32.trojan.pws.onlinegames by using Ad-aware. While scanning by using spybot it stuck while scanning. After that suddenly pop out a window said - Spybot-Search and destroy has detected an important registry entry that has been changed. Category System Startup global entry Change Value deleted Evtry ravdh monold data C Program files Netmeeting ravdh mon exe. My decision is deny change because I don't know what is it. For step it automatically turns off the Firewall although I manually turn on the Firewall.

For your information, when I opened a program it will automatically close the program that I opened, especially website such as www.bleepingcomputer.com. So that I used another computer to post this message. Here the Hijackthis log; this log I copied from my infected virus computer.

A:Infected With Dropper.agent,logger.pcap.a,win32.generic.pws,win32.trojan.psw.delf And Win32.trojan.pws.onlinegames

Hello, I had reformatted my computer since it could not open and stuck in the welcome window few days ago. So, now my computer is alright..thanks for viewing and trying to help me to fix the problem.

http://www.bleepingcomputer.com/forums/t/112093/infected-with-dropperagentloggerpcapawin32genericpwswin32trojanpswdelf-and-win32trojanpwsonlinegames/
Relevancy 59.77%

Hi, I'm experiencing some trouble with the [email protected] trojan. It's causing havoc on my pc: pop-ups, refusing to access certain sites, fake windows alerts to download dodgy-looking exe's, etc. Spyware Doctor, Ad-aware, Norton have tried but failed to remove this trojan. Any ideas on how to remove it? Thanks. HiJackThisLog:

Relevancy 59.77%

Hi. The last couple of days avast keeps detecting "Win32:Trojan-gen" but does not delete it. Any help would be gratefully received. Below is my HijackThis log. ... Read more

https://forums.techguy.org/threads/help-to-remove-win32-trojan-gen.788872/
Relevancy 59.77%

First of all, thanks for your assistance, if you can excuse my summary English. Suddenly AVAST began to alert about Win32:Trojan-gen. I know avast can't remove it, but its alerts call my attention. Suddenly the virus constructs and opens internet garbage material (I've a little child). So I've already read about other similar cases, but never could imagine that this worm is so hard to remove. Is it really possible? Thanks in advance.

Logfile of Trend Micro HijackThis ... Read more

A:Is it possible to remove Win32: Trojan-gen ?

please help!
 

https://forums.techguy.org/threads/is-it-possible-to-remove-win32-trojan-gen.760344/
Relevancy 59.77%

I got this trojan last night and keep getting all these pop ups. I looked in some other post and downloaded the hijack thing. Here is the file from the notepad. What do I do next?

Logfile of HijackThis ... Read more

A:trojan-spy.win32 how to remove?

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

When you post a new log, make sure in Notepad you go to FORMAT and check Word Wrap.
 

https://forums.techguy.org/threads/trojan-spy-win32-how-to-remove.497004/
Relevancy 59.77%

Kaspersky found trojan.win32.bho.abo under filename "auth dll" in folder C windows system auth dll, but Kaspersky could not disinfect or delete it. Please help to remove. Thanks a lot.

Logfile of Trend Micro HijackThis ... Read more

A:Please help to remove trojan.win32.bho.abo

Hello quannguyen1997,

Welcome to TSG. 1997 eh? A good year for you there? Some tough infection showing here, so let's start repairs.

Be sure to temporarily disable any protective software when running the scan tools we use here, especially Kaspersky.

Download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

(ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver)

Post back the C:\ComboFix.txt log as well as a new HijackThis log please.
 

https://forums.techguy.org/threads/please-help-to-remove-trojan-win32-bho-abo.660680/
Relevancy 59.77%

After I start the laptop, a hidden host exe consumes a lot of resources until crash. I can see and kill it with Process Explorer from Sysinternals. I can't activate Windows Firewall, Malwarebytes shows an error at computer start up, and more. When I start GMER it shows an error; it is attached. Here are the logs of DDS and GMER. ... Read more

A:trojan-Dropper.win32.injector.ciwr | trojan.win32.agent2.faav | Virus.Win32.ZAccess.q

Hello sebamobile, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

http://www.bleepingcomputer.com/forums/t/446842/trojan-dropperwin32injectorciwr-trojanwin32agent2faav-viruswin32zaccessq/