Windows Support Forum

MS Juan, MS Tracker and more...

Q: MS Juan, MS Tracker and more...

I seem to have the MS Juan and MS Tracker amongst other things going on with my machine since yesterday. I have since run Malwarebytes, Ad-Aware and Spybot. They all find and kill stuff but I am still getting trojan popups from Avast, as well as returning MS Juan and Tracker in Malwarebytes.

This is the first time this has happened to me and I am unsure of what to do next to try to clean my machine up, any help would be greatly appreciated. I can post logs of my previous scans if you wish.

Thank you.

Relevancy 100%

A: MS Juan, MS Tracker and more...

Here was my first scan last night
Malwarebytes' Anti-Malware 1.33
Database version: 1656
Windows 5.1.2600 Service Pack 3

1/15/2009 8:32:34 PM
mbam-log-2009-01-15 (20-32-34).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 214716
Time elapsed: 1 hour(s), 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\WINDOWS\system32\geBrOedb.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\qvorpbdt.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\khfCvUnO.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3eb56daa-bd88-46ee-80c8-0bca5d5d6455} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3eb56daa-bd88-46ee-80c8-0bca5d5d6455} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3eb56daa-bd88-46ee-80c8-0bca5d5d6455} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfcvuno (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\gebroedb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\gebroedb -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\geBrOedb.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\bdeOrBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\bdeOrBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\qvorpbdt.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\tdbprovq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\khfCvUnO.dll (Trojan.Vundo) -> Delete on reboot.
E:\System Volume Information\_restore{9F4254F0-F22C-4037-BBDD-83DC8D29CE95}\RP749\A0053668.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\pfcgmddk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\hgGxXrom.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

And my last quick scan today:

Malwarebytes' Anti-Malware 1.33
Database version: 1656
Windows 5.1.2600 Service Pack 3

1/16/2009 2:05:17 PM
mbam-log-2009-01-16 (14-05-17).txt

Scan type: Quick Scan
Objects scanned: 64833
Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

http://www.bleepingcomputer.com/forums/t/195711/ms-juan-ms-tracker-and-more/
Relevancy 41.28%

I've used Excite.com for years but within the last few days I have noticed that a feature of theirs, Stock Tracker, is missing! Anyone happen to know if this is permanent?
 

http://www.techspot.com/community/topics/excite-com-stock-tracker-missing.147085/
Relevancy 41.28%

Need help! I have an Advantage database program called Manheim tracker 3.097. It had been working fine until a restart on 1/27. Program wouldn't start up. A (COMPANY ADT) file error. What is this? Where did it go? Anyone familiar with this program?
 

A:Manheim tracker data problem

Does this link help?
Recovery Toolbox
 

http://www.techspot.com/community/topics/manheim-tracker-data-problem.142147/
Relevancy 40.85%

Hello everyone here at MalwareTips,

We are working on our web filter, which can help you to keep the trackers away and block ads. Also, it will stop malware from communicating with the C&C server(s) if the domain name is already in our database. We won't release technical details for now; later, hopefully within - weeks, in another thread.

So we want to make the ad/tracker servers list completely community based. We will include everything you report after checking if it's appropriate. So feel free to report as many domains as you want and we will check and add all appropriate ones.

How a report should look:

Example:
Domain: google-analytics.com
Domain: googletagservices.com

Example (if you can, please use this method, this makes verifying easier):
Link: google-analytics.com/analytics.js
Link: googletagservices.com/tag/js/gpt.js

If you want to reply just to ask about the software or the system behind it, don't do it, as we won't tell anything now. Thank you for understanding. Thanks to everyone who will help us.

Moderator note: The only replies to this thread should be those reporting a domain using the provided examples above. Use the CODE tags for long lists. All other replies will be deleted, including questions.

A:MHT Web Filter - Let's collect ad/tracker servers to block


https://malwaretips.com/threads/mht-web-filter-lets-collect-ad-tracker-servers-to-block.46693/
Relevancy 41.71%

Hey Team,

I am not too sure if this would be the right place to seek help for my issue. Anyways, guys, I am having a hard time. In my organization there is a new application installed on every employee's system, which is an idle time tracker known as the "time tracker". Now the concern is that if you do not touch the keyboard or the mouse for min, it counts it as idle time and then adds it to my break time. I do not have admin rights to research it, and my efforts went in vain. I created an autorefresh java html script; it did not work. It refreshed but did not help with idle time. Tried a website redirect; again disappointment. It redirects but again did not help with idle time. I would be glad if you guys can help me find a solution to overcome the idle time.

OS - winxp sp. I have restrictions as I am on domain group policy.

A:Idle time tracker

Hi and welcome to TSF

I guess, in this day and age, be thankful you have a job. I guess the "boss" expects you to work since he/they are paying you.

What you are asking we can't help with. You are basically asking for a workaround to a restriction that has been placed on your PC or a requirement of the employer.

Please take the time to review our rules again, they can be found here in case you missed it:

http://www.techsupportforum.com/rules.php

Closing this post.

BG

http://www.techsupportforum.com/forums/f10/idle-time-tracker-471292.html
Relevancy 42.14%

Hi, I was wondering if anyone has heard of a Facebook tracker that allows you to see what people have viewed your profile, and if it is out there, what are the steps to get it? Thanks.

Keith

A:Facebook Tracker

I'm almost 100% sure there is no such thing. You might be able to see the IPs of the people but I don't think so.

http://www.techsupportforum.com/forums/f10/facebook-tracker-137791.html
Relevancy 41.28%

Hi,

I'm looking for a simple Windows Vista desktop software that runs in the background that just keeps a log of the time that my laptop is on and running. I just want something to track the number of hours I work each day. I don't need to keep track of the tasks. And I don't want to have to turn on and turn off the program -- I want it to be completely automatic (but not a memory hog).

I've searched download.com. But all the software there seems quite complicated (ie, it requires me to enter in tasks, etc). Perhaps I searched the wrong thing (I searched "desktop time tracker").

Does anyone know of anything like this?

Thanks for the advice.

A:Looking for simple time tracker software

Hi, in XP it used to tell you "system uptime"; now it records only "system boot time". Still, you can easily work out how long you have been on. Go to Start, Accessories, right-click on Command Prompt and select "Run as administrator". At the prompt type: systeminfo and press Enter.

http://www.techsupportforum.com/forums/f217/looking-for-simple-time-tracker-software-334151.html
Relevancy 39.99%

I got a few viruses. I think it started when I fell for the VirusRemover2008 ruse. I got rid of that and Rapid Antivirus, as well as the unwanted URL files. I'm not sure if Super Juan is the only thing left, but it's clear I can't get rid of it. The symptoms are unwanted browser windows, and sometimes a hang after I click my name on the login screen.

I tried MalwareBytes and SuperAntiVirus with the PC in Safe Mode and rebooted after each run. Super Juan is back in the registry every time. I also ran HijackThis but don't want to guess which items to fix.

Any help would be appreciated.

A:Super Juan won't go away[MOVED FROM WINDOWS]

Try scanning the computer with your virus software again and this time, make a note of the path where the virus is located. Go into safe mode and delete them manually.

Also, if you can get your hands on a program called ERD Commander, I highly recommend it. If you do, boot up the computer with ERD Commander and delete the virus using the program.

http://www.techsupportforum.com/forums/f50/super-juan-wont-go-away-moved-from-windows-332765.html
Relevancy 39.13%

Have tried everything to get rid of this. Computer is behaving extremely slow. Watching movies is not possible. Freezes to frame by frame play after - minutes. Any help would be appreciated.

A:High CPU usage/slow running..possible vundo/MS JUAN..Please help

DDS (Version 1.0) - NTFSx86
Run by maurice at 19:31:04.75 on Sun 12/07/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1506 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\maurice\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\maurice\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\maurice\startm~1\programs\startup\y'ztoo~1.lnk - c:\windows\bricopacks\vista inspirat\yztoolbar\YzToolBar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0...

http://www.techsupportforum.com/forums/f50/high-cpu-usage-slow-running-possible-vundo-ms-juan-please-help-321262.html
Relevancy 42.14%

Hi, sorry for multi-posting, I did not realise that messages cannot be deleted. This is the actual post for my problem (ignore other posts by me). I received a few friend requests from an official, well-known chat group. These requests are being sent through by its official site to my Hotmail. However, there are notices that pop up when I click accept on the friend requests. These notices seek my permission to allow access to my DNS, keyboard and mouse. I do not know whether my computer is infected. I need help in removing these tracking programs just to make sure the information in my computer is safe. Thanks.

http://www.techsupportforum.com/forums/f284/help-in-removing-dns-tracker-496721.html
Relevancy 40.42%

Hi, can someone please take a look at my hjt log and advise? I have problems with IE either not connecting or being redirected, and am also receiving some strange system alerts and also slow and sluggish performance when opening programs. Any help would be gratefully accepted.

http://www.techsupportforum.com/forums/f284/possible-juan-trojan-infection-240894.html
Relevancy 42.14%

I feel that someone is monitoring me. I have a couple of email addresses that I cannot log into from Yahoo. I was wondering if there is some type of software that can track someone monitoring my computer. For example, win-spy is a monitoring spyware that allows the remote user into your computer when you are online. It has keylogging, snapshots, email tracking and other things for a person to track you. For now I have Keylogger Hunter and spy cop installed on my computer. But win-spy states it can stop anti-spyware. What can I do? I am just an average user.

A:tracking tracker

Download WinPFind http://www.bleepingcomputer.com/file...r/WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Download Track qoo http://www.geekstogo.com/downloads/Trackqoo.zip
Save it somewhere you will remember like the Desktop. Unzip the Track qoo.vbs inside to your desktop. DO NOT run it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards of 30 minutes or more. Once the scan is complete it will make a txt file (log) of what was found.

1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Please post those results in your next post!

REBOOT to normal mode.

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

So I need the following tool logs..

WinPFind.txt log
Track qoo.vbs log

http://www.techsupportforum.com/forums/f284/tracking-tracker-89396.html
Relevancy 41.28%

Hi, recently I came across a few notices asking me for permission to access my mouse and screen when I accept a buddy request from an online chatgroup web. I'm not sure whether my computer is affected by it but I would like to know how to remove these so as to make sure that my computer is safe. Thanks.

A:Help in removing mouse and screen tracker sent by others

Hello and welcome to TSF.

Quote:
recently I came across a few notices asking me for permission to access my mouse and screen when I accept a buddy request from an online chatgroup web.

You should not allow anybody to access your computer remotely unless you know and trust the person 100%.

If you suspect that they may have infected your computer, we want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f100/help-in-removing-mouse-and-screen-tracker-sent-by-others-510807.html
Relevancy 40.85%

Hello, please disregard or delete my previous post as I don't think I followed your procedures correctly, as I posted from work and was rushing.

I am experiencing Vista blue screen, which I guess is from downloading Photoshop (not the one that's installed now though) through LIMEWIRE (now uninstalled) and possibly accepting an end user agreement by accident called 'netnucleus', which I think transferred a TROJAN.

I ran Mcafee and it picked this trojan up and I deleted it but forgot the name of the trojan. Ran Mcafee again and it said clean. Still blue screened. Ran Windows Defender and it said clean, still blue screened, so I ran dumpchk on the minidump with debugging tools and it gave me "probably caused by Mpfp.sys". Mpfp seems to be a Mcafee driver, as in c:\pograms\mcafee\FWdriver\Mpfp.sys & in drivers, c:\windows\system.

I uninstalled Mcafee. Still blue screened. Ran debugging tool dumpchk on the new minidump file and it gave me "probably caused by ntoskrnl.exe nt e b", which I have been advised is a legitimate program.

I then downloaded SPYBOT and it picked up 'webtrends', a cookie collecting application. Removed, ran Spybot and said clean. Still blue screened. System does seem to be a lot more stable but still blue screens now and then. PLEASE HELP.

I have attached the correct zip files now and here's the DDS log:

DDS Ver - - - NTFSx Run by Dan at on Internet Explorer Microsoft Windows Vista Home Premium GMT SP Spybot - Search and Destroy disabled Updated ED FAF- B F- B -ACA - E C DADBE SP Windows Defender enabled Updated D DDC A- F- FAE- E -DA C ACF Running Processes C Windows system wininit exe C Windows system lsm exe C Windows system svchost exe -k DcomLaunch C Windows system svchost exe -k rpcss C Windows System svchost exe -k secsvcs C Windows System svchost exe -k LocalServiceNetworkRestricted C Windows System svchost exe -k LocalSystemNetworkRestricted C Windows system svchost exe -k netsvcs C Windows system 
svchost exe -k GPSvcGroup C Windows system SLsvc exe C Windows system svchost exe -k LocalService C Windows system svchost exe -k NetworkService C Windows system WLANExt exe C Windows System spoolsv exe C Windows system svchost exe -k LocalServiceNoNetwork C Windows system agrsmsvc exe C Program Files Common Files Apple Mobile Device Support bin AppleMobileDeviceService exe C Program Files Microsoft Small Business Business Contact Manager BcmSqlStartupSvc exe C Program Files Bonjour mDNSResponder exe C Windows system svchost exe -k bthsvcs C Program Files Intel WiFi bin EvtEng exe C Program Files Common Files LightScribe LSSrvc exe C Windows system svchost exe -k NetworkServiceNetworkRestricted C Program Files Common Files Intel WirelessCommon RegSrvc exe C Program Files CyberLink Shared Files RichVideo exe C Program Files Microsoft SQL Server Shared sqlbrowser exe C Program Files Microsoft SQL Server Shared sqlwriter exe C Windows system svchost exe -k imgsvc C Windows system taskeng exe C Windows System svchost exe -k WerSvcGroup C Windows system SearchIndexer exe C Program Files Spybot - Search amp Destroy SDWinSec exe C Windows system Dwm exe C Windows Explorer EXE C Windows system taskeng exe C Program Files Samsung Easy Display Manager dmhkcore exe C Windows system taskeng exe C Windows System igfxpers exe C Windows RtHDVCpl exe C Program Files Synaptics SynTP SynTPEnh exe C Program Files Java jre bin jusched exe C Program Files iTunes iTunesHelper exe C Program Files SAMSUNG EasySpeedUpManager EasySpeedUpManager exe C Program Files Samsung Samsung Magic Doctor MagicDoctorKbdHk exe C Program Files Samsung EBM EasyBatteryMgr exe C Windows system igfxext exe C Windows system igfxsrvc exe C Program Files iPod bin iPodService exe C Program Files Synaptics SynTP SynTPHelper exe C Program Files Mobile Broadband Connect AutoUpdateSrv exe C Users Dan AppData Local Google Chrome Application chrome exe C Windows TEMP xktvuldwto exe C Windows system UI Detect exe C 
Windows sy...

A:Trojan-cookies tracker-blue screen

I just thought I'd update this post.

I understand it may push back it being looked at though.

Just ran updated Windows Defender and it found this.


Trojan:Win32/winwebsec

Alert Level: Severe

Category:
Trojan

Description:
This program is dangerous and executes commands from an attacker.

Advice:
Remove this software immediately.

Resources:
file:
C:\Windows\Temp\ xktvuldwto.exe

file:
C:\ProgramData\19214044\19214044.exe



Also this file tried/caused this window pop up...

***********************************************************
interactive secrices dialog detection.

a program can't display a mssage on your desktop.
the program may need information or permission to complete a task.

*show me the message

*remind me in a few minutes


program(s) or device(s) requesting attention...

Message title: Crytical Error!
Program Path: c:\windows\temp\xktvuldwto.exe
received 35th July 2009, 14:01:27
This problem happened because of a partial incopatibility with windows.
please contact the program or device manufacturer(s) for more information.


***********************************************************

The trojan it found is also in the dds log..

xktvuldwto can be found in 'Running Processes' near the bottom.

And

19214044 can be found in 'Created Last 30' at the top.

Which you guys already probably spotted!

Sorry if this update has upset anyone as it may be seen as a bump, but I understand that it's the older posts that are seen to first. I really appreciate what you guys do and hope you can still resolve this as I'm sure my registry has damage.


Thanks all!

http://www.techsupportforum.com/forums/f100/trojan-cookies-tracker-blue-screen-398428.html
Relevancy 39.99%

Sorry for the long post but I am going to be as specific as I can since my computer is in a horrible state.

My computer recently had the prunnet virus. I scanned with several different things to get rid of it and found that my computer was infected with the MS Juan virtumonde virus as well. After taking some advice from other forums I thought I had gotten rid of MS Juan. This was a month or two ago, and now just this week my mother informed me that our AVG anti-virus has been disabled. My first thoughts were "oh no, the virus is back". I told her to open her task manager so I could see what was running, but it said it has been disabled by the administrator. I know that is another sign of a virus. I do not know enough about computers to know what to do from here.

I tried to reinstall AVG but kept getting installation errors, so I tried to get into the registry to clean it up, but it closed immediately with an error that I could barely read. After starting it several times and reading little chunks of the error each time I found that it read "Cannot open super juan error while opening key". Another thing I noticed is that when I am on the computer doing random things (playing a game or whatever) I will hear an error sound, but I see nothing running and there is no error message. It will also tab me out of full screen applications randomly, but I don't see anything new running.

I read the instructions on your forum of what logs to get, but I cannot run DDS or GMER. DDS starts, I see the box, but then it closes immediately. I cannot run Hijackthis either. I was instructed on another forum to do a combofix scan and get the log. I wasn't able to run it until I changed the name to FixIt.exe. The guy that is trying to help me said it would be a few days and it didn't even seem like he read what I was saying, and I'm just wondering if I can get any quicker help.

It seems to be getting worse. I cannot get any antivirus on my computer, it starts up VERY sluggish, taking mins before it responds after start up, and now my connection to internet sites will randomly stop working. If I click on links they won't load or nothing will happen at all. I cannot connect to games at this time either. When I first start the connection I can get to sites just fine, but then it randomly stops working. If I wait a few minutes, sometimes I am able to get to sites again. At the same time I am using Yahoo Messenger and/or Ventrilo and the connections there are fine. I also can no longer start in safe mode.

I hope I can get help with this virus as it seems to be getting worse fast. Is there anything I can do myself? This is an old machine, not really worth taking in. If I cannot remove this virus I will need to buy a whole new computer, so hopefully I can get some help.

A:MS Juan - computer in a horrible state

Today I got two errors-

87.exe Application Error
The application failed to initialize properly (0xc0000005). Click okay to terminate the application.


56.exe
56.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.



Quote:
ComboFix 09-01-21.04 - Laura 2009-01-24 5:37:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2634 [GMT -6:00]
Running from: c:\documents and settings\Laura\Desktop\FixIt.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-23 15:56 . 2009-01-23 15:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 15:56 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-23 15:56 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-23 15:48 . 2009-01-23 15:48 204 --a------ c:\program files\37E5DM1B.bat
2009-01-23 15:47 . 2009-01-23 15:48 <DIR> d-------- c:\program files\Bazooka Scanner
2009-01-23 15:27 . 2009-01-23 15:27 10,520 --------- c:\windows\SYSTEM32\avgrsstx.dll
2009-01-23 13:49 . 2009-01-23 15:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-2...

http://www.techsupportforum.com/forums/f100/ms-juan-computer-in-a-horrible-state-340406.html
Relevancy 42.14%

Besides these two I also seem to have Elite toolbar and Sasser last night as well. I have done Spybot, Adaware. Adaware is coming up clean, Spybot cannot seem to finish quarantining the files found above. I am on different machine currently as my IE cannot work. I'm not even running IE and I'm getting popups, sounds like Elite is back. ARRRRGHHHH!

Please review HJT Log and give me some help pleeeeaaase. I'm in China on business and Laptop is my only link to work etc.

A:Sex Tracker and A Adaware

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro http://uk.trendmicro-europe.com/ente...all_launch.php. Just follow the instructions on the site to run the online scan. If any viruses/trojans are detected, try to delete or clean them in that site. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.

Go to Start->Run and type in services.msc and hit OK. Then look for Remote Administrator Service (r_server) and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\WINNT\system32\userinit32.exe

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINNT\system32\userinit32.exe - delete the file exactly as shown here
C:\WINNT\system32\r_server.exe

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.

http://www.techsupportforum.com/forums/f100/sex-tracker-and-a-adaware-49119.html
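
Added example, not part of the original thread: a Python triage pass over HijackThis log lines that flags the same kinds of entries the answer above lists for fixing (R1 search pages, the F2 UserInit value, O23 services). The function names, the EXPECTED_HOSTS allowlist and the R0, O4 and DefWatch sample lines are assumptions constructed for illustration; the other sample lines are the entries quoted in the answer.

```python
import ntpath
import re
from urllib.parse import urlsplit

# HijackThis log lines have the shape "<section code> - <details>".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumption: the hosts this user expects as IE start/search pages.
EXPECTED_HOSTS = {"www.yahoo.com", "start.earthlink.net", "www.earthlink.net"}

# The R1, F2 and last O23 lines are the ones quoted in the answer above;
# the R0, O4 and DefWatch lines are constructed benign entries.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec\DefWatch.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)
"""


def check_ie_page(body):
    """R0/R1 entries: 'registry key,value name = URL'."""
    _, sep, url = body.partition(" = ")
    host = urlsplit(url.strip()).hostname if sep else None
    if host and host.lower() not in EXPECTED_HOSTS:
        return f"IE page setting points at unexpected host {host}"
    return None


def check_userinit(body):
    """F2 entries: 'REG:system.ini: UserInit=prog1,prog2'.

    Windows only needs userinit.exe here; anything else listed in the
    value is started at every logon.
    """
    m = re.search(r"UserInit=(.*)", body, re.IGNORECASE)
    if not m:
        return None
    programs = [p.strip() for p in m.group(1).split(",") if p.strip()]
    extras = [p for p in programs if ntpath.basename(p).lower() != "userinit.exe"]
    if extras:
        return "UserInit also launches " + ", ".join(extras)
    return None


def check_service(body):
    """O23 entries: 'Service: name - owner - image path'.

    Simplification: assumes the service name itself contains no ' - '.
    An unknown owner alone is only a prompt to look closer, not a verdict.
    """
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].split(" - ")
    if len(parts) < 3:
        return None
    name, owner, image = parts[0], parts[1], " - ".join(parts[2:])
    notes = []
    if owner.strip().lower() == "unknown owner":
        notes.append("no vendor recorded")
    if "(file missing)" in image:
        notes.append("image file missing")
    if notes:
        return f"service '{name}': " + ", ".join(notes)
    return None


CHECKS = {
    "R0": check_ie_page,
    "R1": check_ie_page,
    "F2": check_userinit,
    "O23": check_service,
}


def triage(log_text):
    """Return (section, reason) for every line that deserves a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("section"))
        reason = check(m.group("body")) if check else None
        if reason:
            findings.append((m.group("section"), reason))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}")
```
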
Relevancy 41.71%

What is Tracker.Marinsm.com?  Everytime I search for something everything slows down and I see that in the Address Bar.
 
Malware doesn't get rid of it.
 
Help!

A:http://tracker.marinsm.com?

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

http://www.bleepingcomputer.com/forums/t/589703/httptrackermarinsmcom/
Relevancy 42.14%

I am running Windows Vista. I have run multiple different virus scans and spyware/malware scans and still have this "piece of paper image" that shadows my cursor every so often (picture attached). It happens mainly on Facebook. I do not play any games, etc. and I keep my virus scanner up to date etc. I am thinking it is some kind of tracker????? but I ran rootkit scanners and it didn't solve my problem. Please help. Thanks.

A:Tracker? Virus?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/540477/tracker-virus/
Relevancy 40.85%

Greetings. First time poster here at BC.com, having some issues with browser trackers and toolbar hijacks and possibly some malware issues related to conduit or other unhealthy services.

When I open Firefox (my default browser) I get tabs that open showing the diysimplify toolbar instructions and a constant "firefox has prevented a page from opening" error, with an occasional blank page that opens with the affiliate mintracker address that pops up.

I've done some preparatory fix attempts using MBAM and Anti-rootkit as well as some logs. As per the BC.com preparation guide I've posted the DDS log below and attached the attach.zip as well. Noticing familiar known malware hijacks - conduit, visualbee. Unsure of punkbuster and jetpack, or how to remove these issues. It's been many years since I've been forced to clean up this bad of a mess.

Thanks in advance for your time and effort in looking over my log and I look forward to further instructions. Cheers

A:affiliate tracker, diysimplify, conduit, potential others.

Hello jingbadguy

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

http://www.bleepingcomputer.com/forums/t/510676/affiliate-tracker-diysimplify-conduit-potential-others/
Relevancy 41.71%

Hello -- my brand new XPS with Windows and McAfee is infected with malware. The symptom is a browser window will automatically open randomly and redirect me to some strange site like "s histats com", "v a com", "forex-brokers com", etc. I've put each in my hosts file to prevent this but I still would like to remove the malware.

I've already downloaded or run many antivirus software packages including Kaspersky, Eset, Ad-Aware, Spybot, Malwarebytes and some of the custom-written apps from this site. Each one either does not detect anything or reports a different name or type of malware/virus. MBAM calls it "Trojan Agent" and "Malware Trace" and can't remove it upon numerous reboots. Kaspersky calls it "Trojan Spy HTML Fraud". Eset calls it "Variant of Worm Ainslot aa" and can't remove it. Nothing seems to work. In each case I can run a bunch of tools and things appear better in Safe Mode but after restarting into "regular" mode I see the random browser window try to open and new scans with MBAM show the malware is back. The worst part is my paid installation of McAfee doesn't report a thing. During one scan I think Kaspersky found a trojan in my inbox so I deleted my inbox and uninstalled Thunderbird and even that didn't work, so here I am.

Saying you guys are busy is probably the understatement of the year but I am stuck. I wanted to fix this on my own and I still have one bullet in the gun where I can wipe the disk and start over but I'd rather not, as I would need to back up several gigs of personal stuff first then of course put all that stuff back -- and those files may be infected too. If you can help me out I would sincerely appreciate it.

A:Infected with Tracker or Redirector

I ended up wiping my disk and starting all over.

For those interested, I had what I believe to be two infections. One was a Trojan that somehow arrived from an "Amazon 20% off" coupon or offer in my Thunderbird inbox; Kaspersky seemed to get rid of that one.

The other one was a spyware tracker that was logging my keystrokes and putting them in various files named "nnn" or "o". It was also attached to an executable named "svhost.exe" which lived in a few places, at least two were "C:\Users\<user_name>\AppData\Roaming\microft" and "C:\Users\<user_name>\AppData\Roaming\sohft". There was also a process that would run which was linked to this tracker. I don't remember the name exactly but it was something like "nc1rtrc1.exe" with no additional info and a couple of keys that lived in my registry in a folder named "VB and VBA ..." something and a couple of other places.

This piece of crap could not be removed by any software tool but was reliably detected by Malwarebytes as "Malware.Trace", but only when MBAM was run from standard mode (Safe Mode did not produce reliable scan results). Eset could also detect it but could not remove it either. This is all for Windows 7 on a PC, too. XP and other systems may be different.

I was hoping the team at MBAM would have an update to get rid of it. I'm sure after a short time they will but anyway I chose the extreme option. I did lose some data but that's okay. It was disappointing not to see this elevated to a "current threat" on some of the more popular A/V websites but I suppose since it's not "destructive" per se it won't be given a lot of attention.

Also, I uninstalled McAfee because I found it virtually useless, annoying with its reappearing desktop icon and pop-up messages, restricted configuration scanning and updating options and buggy interface when operating in Safe Mode -- and I paid for it. I will be buying MBAM and Avast; hopefully that combo will keep the system protected.

Hope this helps anyone needing more info.

http://www.bleepingcomputer.com/forums/t/438540/infected-with-tracker-or-redirector/
Relevancy 35.26%

Logfile of Trend Micro HijackThis (Platform: Windows XP, Boot mode: Normal)

A:Do i have a computer tracker software installed on my computer?

Hiya

As it's been a few days since you posted the log, can you post an OTL log for me:

Download OTL to your Desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Regards
eddie

http://www.bleepingcomputer.com/forums/t/407158/do-i-have-a-computer-tracker-software-installed-on-my-computer/
Relevancy 42.14%

Hello

Hope you guys can help. I have run Malwarebytes, Spybot, McAfee and still having passwords changed. Also made the Attach and the DDS files but could not run RootRepeal, keeps locking up the computer. It's an Alienware computer running Windows XP. Any help would be greatly appreciated.

Thanks
John Tenda

A:Possible Keylogger/tracker

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Elle

http://www.bleepingcomputer.com/forums/t/280790/possible-keyloggertracker/
Relevancy 40.42%

Any Help, Computer is Freaking Out

Logfile of Trend Micro HijackThis (Platform: Windows XP, Boot mode: Normal)

A:Virtumonde, Vundo, Ms Juan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/259684/virtumonde-vundo-ms-juan/
Relevancy 36.12%

When doing google searches in Firefox or IE the links will get redirected when clicked on. When the redirect is happening www.search-tracker.net appears in the bottom bar of firefox and the page displayed is wrong. If I copy the link from the page (right click, copy link location) and paste it into the tile bar it always works correctly. AVG does not show any issues.

Comcast cable network offers free install of McAfee security suite that I use to run. When this issue showed up I found I could no longer do a virus scan with McAfee as the computer would reboot when the scan started. All the management functions of McAfee worked fine but start a scan and the computer reboots. I uninstalled McAfee and installed AVG. AVG did one round of cleaning and now can't find anything. I don't remember what AVG found other than tracking cookies. If it leaves a log behind that may still be around.

I have tried to install and run Malwarebytes' Anti-Malware. It seems to install fine but will not run. Double click the icon and nothing. I have uninstalled and reinstalled several times but nothing. Never tries to do the update either. I have uninstalled and reinstalled Firefox but that did not help.

I just copied the mbam.exe file to a new name and double clicked that and it started up. Cool. I have attached the attach.txt file. The Malwarebytes run finished. Trojan Agent was found. I have attached that log file also. I will send this and then have Malwarebytes remove it. I will then see if Malwarebytes needs updating and will run again.

Thanks in advance for any help.
Dean

Here is the DDS log

A:Links in google search results get redirected / www.search-tracker.net

Hello dchoyt,

Uninstall these old versions of Java, as they are malware magnets.
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Java™ SE Runtime Environment 6 Update 1

We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running. To disable AVG antivirus: Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop. Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.

Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

http://www.bleepingcomputer.com/forums/t/238280/links-in-google-search-results-get-redirected-wwwsearch-trackernet/
Relevancy 41.28%

having similar google hijackthis search-tracker.net LOG problems as others i see try to click on links i google only to be redirected here is my log Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode NormalRunning processes C WINDOWS System smss exeC WINDOWS system csrss exeC WINDOWS system winlogon exeC WINDOWS system services exeC WINDOWS system lsass exeC WINDOWS system svchost exeC WINDOWS system svchost exeC WINDOWS System svchost exeC WINDOWS system svchost exeC WINDOWS system svchost exeC WINDOWS system LEXBCES EXEC WINDOWS system spoolsv exeC WINDOWS system svchost exeC PROGRA AVG AVG avgwdsvc exec program files mcafee com agent mcdetect exec PROGRA mcafee com agent mctskshd exeC WINDOWS system HPZipm exeC WINDOWS system sdpasvc exeC WINDOWS system svchost exeC WINDOWS system wdfmgr exeC Program Files Linksys WUSB GSCv WLService exeC Program Files Linksys WUSB GSCv WUSB GSC exeC PROGRA AVG AVG avgemc exeC PROGRA AVG AVG avgrsx exeC Program Files AVG AVG avgcsrvx exeC WINDOWS Explorer EXEC WINDOWS System alg exeC WINDOWS system ICO EXEC Program Files Common Files Real Update OB realsched exeC PROGRA AVG AVG avgtray exeC WINDOWS google search-tracker.net hijackthis LOG system ctfmon exeC Program Files SmartPCTools Registry Repair Wizard google search-tracker.net hijackthis LOG RCHelper exeC WINDOWS system FSRremoS EXEC Program Files Mozilla Firefox firefox exeC PROGRA AVG AVG avgnsx exeC Program Files Spyware Doctor pctsAuxs exeC Program Files Spyware Doctor pctsSvc exeC Program Files Spyware Doctor pctsTray exeC Program Files AVG AVG avgui exeC WINDOWS system wuauclt exeC Program Files Trend Micro HijackThis analyze exeC WINDOWS system wbem wmiprvse exeR - HKCU Software Microsoft Internet Explorer Main Default Page URL http www dell me com mywayR google search-tracker.net hijackthis LOG - HKCU Software Microsoft Internet Explorer Main Search Bar http home peoplepc com searchR - HKCU 

A: google search-tracker.net hijackthis LOG


http://www.bleepingcomputer.com/forums/t/237829/google-search-trackernet-hijackthis-log/
Relevancy 36.55%


A: Infected with trojan malware, google search redirected (search-tracker.net)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop: DDS.scr, DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/237586/infected-with-trojan-malware-google-search-redirected-search-trackernet/
Relevancy 41.28%

Hello, and thanks to whoever takes this topic.

I use Firefox and I am running Windows XP with Service Pack. My problem is that when I click on a link on a Google search page, the link is redirected to various ad sites. If I go back to the original Google search page and re-click the same link, it will usually go through to the proper site, although it sometimes requires a third click before I get to where I want to go. When it is redirecting to an advertising site I can - briefly - see the address "search-tracker.net" displayed at the bottom of the Firefox page, in that area where you can see the address of a link if you hover over it with your mouse.

What I've done so far to try to fix this problem:

* banned cookies from search-tracker.net
* tried to run anti-malware software, including Advanced Spywear Remover (which removed about instances of malware or spyware, but not the one I am trying to fix), PCcillian (which would not run at all) and Malware Bytes (again, would not run after installation)

What I've done to prepare for your help:

* Gone through the steps to ensure my XP firewall is engaged (it is)
* Run DDS (see report below and attached zip file)

I will be away from my computer from Thursday June to Sunday June. Please be assured that if you write during that time, I will respond on Monday morning, unless I am called to attend a birth (which is possible), in which case I'll get back to you as soon as I am able. Please be aware that a birth can take up to three days. Any replies that I receive before Thursday morning I will respond to right away. Thanks for your understanding.

A: Google Redirect - search-tracker.net

Hello Doulatron,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:

1. Download HijackThis here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.

The HJT log will open in notepad.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/236102/google-redirect-search-trackernet/
Relevancy 41.71%

I've downloaded and run HijackThis. Here is my log:

A: search-tracker.net virus -- help!

Hello fharris1984,

Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt. Please post the contents of that document.

*****************

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make. Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please download Malwarebytes' Anti-Malware from one of these places:

http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

http://www.bleepingcomputer.com/forums/t/236262/search-trackernet-virus-help/
Relevancy 40.42%

I guess this Vundo Variant put a ton of stuff on my computer that I finally managed to remove, and now it's the only thing left that any of my programs can pick up. I've run Trend Micro PC-cillin, SUPERantiSpyware and Malwarebyte's Anti-Malware. The last two can detect it, but even after rebooting the damn thing just keeps coming back. I've tried VundoFix and FixVundo but those don't work either. I attached my DDS logs. Any help you guys can give me would be REALLY appreciated.

A: Vundo Variant (MS Juan)

Click here to download HijackThis.

* Save HJTInstall.exe to your Desktop.
* Double click on the HJTInstall.exe icon to start the program.
* By default it will install to C:\Program Files\Trend Micro\HijackThis
* After the final dialogue box it will launch HijackThis.
* Click on the scan button. It will scan and then ask you to save the log.
* Save the log, and post me it in your next reply.

http://www.bleepingcomputer.com/forums/t/189585/vundo-variant-ms-juan/
Relevancy 40.42%

My computer takes a lot of time to startup, and when it does I get all kinds of warnings about how such and such exe cannot load, seemingly random names like sxhdhcci or jjxywydsgfg etc. Also, under my startup programs I have a program called MS Juan, which a google search indicates is probably malicious, and something called "wudurobana", which returns no google results (scary).

Other symptoms: Video play is painfully choppy and internet pages tend to load very slowly.

My searches have indicated that the bug I have is pretty common, just want to make sure I don't do something stupid and remove something I shouldn't, so I came to the experts here. Thanks so much guys in advance, I'll be patiently waiting.

A: MS Juan, odd warnings at startup,

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop: DDS.scr, DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Scan
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom

http://www.bleepingcomputer.com/forums/t/226024/ms-juan-odd-warnings-at-startup/
Relevancy 39.99%

Hello, I have been infected with a New Juan / Vundo variant. I have been infected once in the past and I managed to manually delete the various DLLs that seemed to be causing the problem. However, I have installed many more programs since then and I don't want to accidentally delete some DLL that is needed for something.

So how did I get infected? Well, the most recent episodes were released (Battlestar Galactica). I simply couldn't wait the one week to watch them streaming and so I managed to get hold of a bad torrent. The torrent asked to install something, which I obviously didn't do, but after a couple days I noticed the tell tale pops.

Superantispyware tells me I have the Vundo New Juan variants and I can see the bad DLLs in the hijack this. Also I am currently running a Vundo fix right now and awaiting the results.

At any rate I would greatly appreciate any help that you can provide. Below I have provided: first the DDS and second a recent hijack this.

A: Infected: New Juan / Vundo variant

Vundofix returned no results.

http://www.bleepingcomputer.com/forums/t/213427/infected-new-juan-vundo-variant/
Relevancy 39.56%

Hi, Would be very grateful for your help. Have had a whole load of malware on my computer and deleted a lot of it using a combination of adaware, malwarebytes, superantispyware and spybot while in safe mode. However malwarebytes keeps coming up with an entry for malware.trace MS Juan and is unable to remove it. I understand this may mean I have another hidden infection elsewhere. I'm not getting any active problems with my computer at present other than running a little slower than usual. Scan report below.

Thanks
M

A: Unable to remove malware.trace MS Juan

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instructed to do so!
Let me know if any of the links do not work or if any of the tools do not work.
Tell me about problems or symptoms that occur during the fix.
Do not run any other programs or open any other windows while doing a fix.
Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/193920/unable-to-remove-malwaretrace-ms-juan/
Relevancy 39.99%

Hi, I started having problems with my computer. I am getting a popup every so often from internet explorer, I always use firefox. I ran scans with spybot sd, adaware se, and eset nod 32, all updated, scans come up dirty, deleted all infected items, rebooted and scanned again, still having the popup problem, also now some browser issues, more and more address not found. Did some research on here, got mbam and scanned and rebooted, now I have only 2 files that won't stay deleted. Also got hijack this. From reading on here it seems customary to post the logs to get proper help, I will do so in a separate post. Thanks for any advice.

A: MS Juan,MS Track System problems

Malwarebytes' Anti-Malware 1.34
Database version: 1801
Windows 5.1.2600 Service Pack 3

2/24/2009 8:45:27 PM
mbam-log-2009-02-24 (20-45-27).txt

Scan type: Quick Scan
Objects scanned: 118978
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------HJT log---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:08 PM, on 2/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java? Plug-In SSV Helper - {761497BB-D6F0-462C-B6E...

http://www.bleepingcomputer.com/forums/t/206360/ms-juanms-track-system-problems/
Relevancy 36.55%

I've been infected for over a month and only seem to be going from bad to worse. I ran SuperAntiSpyware Free Edition and it listed a lot of trojans. I seem to have got rid of a lot of the trojans, but two of them, when I try to delete it off the results page, I get the blue screen of death telling me a memory system error has occurred, and they are called adware gudmun resident and trojan downloader new juan vm. Both have files and seem to have each affected parts of my memory because SUPERAntiSpyware Free Edition list a file name and memory processor under their name. Also, after I deleted a few things off the results page I now get these two messages upon my desktop loading: "RUNDLL Error loading C WINDOWS system neburufo dll the specified module can not be found" and "RUNDLL Error loading C WINDOWS system lefizuvo dll the specified module can not be found".

As for the actual problems on my computer, I keep getting pop ups telling me that I'm infected and it needs to run antivirus antivirus etc. It always lists a different 'spyware program' and it tells me to hit ok or cancel, but if I hit either button it directs me to some website. It happens frequently, so even if I just have one window open, by the time I know it I have extra windows open with nothing but a fake spyware message up with that warning.

I bought Norton Premier Edition from Fry's and installed it. I ran it once and it was working fine, but after a day or so it would no longer update or be allowed to get online and now I can't even run it at all. The viruses and trojans that are on my computer seem to have disabled every virus program I have because I can no longer run my Norton, Adaware or the online trend micro housecall. My Internet Explorer is not able to display pictures or icons at all. I don't see the red x though, I see the sheet of paper with a red square, green circle and blue rectangle. I've been using firefox because it was working better than my IE and the pictures loaded on there, but I got a message saying a security update from firefox needed to be updated and I did it, and when firefox restarted it won't connect to the internet anymore.

Sorry if this all sounds incoherent but I am at my wit's end with all the problems I'm having. I've done everything I could think of to fix it on my own and it just seems to make it worse. Please help, I am desperate for all this to just be resolved and working again after over a month of nothing but problems.

A: Infected with trojan downloader new juan vm, adware gudmun resident, antivirus 2009 & 360, vundo variant, fakealert, pop ups

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

http://www.bleepingcomputer.com/forums/t/198911/infected-with-trojan-downloader-new-juan-vm-adware-gudmun-resident-antivirus-2009-360-vundo-variant-fakealert-pop-ups/
Relevancy 41.28%

I have Ms Juan on my computer. When I run malwarebytes it says it can't delete it without restarting my computer, but when I hit ok it doesn't restart my computer and MS Juan remains on the computer. Any help in getting rid of MS Juan would be appreciated. Thank you.

A: Cant get rid of MS Juan

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, suly14. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

In the meantime, please refrain from making any changes to your computer, and please do the following:

Step 1
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:
1. RSIT log.txt and info.txt.

Thanks

http://www.bleepingcomputer.com/forums/t/201549/cant-get-rid-of-ms-juan/
Relevancy 39.13%

I've been trying to disinfect this computer for a friend and more viruses keep coming back. I've scanned with AVG free (main antivirus), malwarebytes, sdfix and superantispyware. For a little while it wouldn't log on normally, only showing the background with no icons or system tray, but I got in safe mode and ran malwarebytes and cleaned the registry and all files with ccleaner and I can now log on again. Currently AVG resident shield continually pops up with infected items on open of certain folders and files and on startup with a bunch. Some viruses it's told me it found were adware generic akgs, trojan downloader bho hun I think, and some registry infections of ms juan and new juan.

A: infected trojan downloader/ms juan/win32 heur

Hi,

I have bad news for you. I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

http://www.bleepingcomputer.com/forums/t/205424/infected-trojan-downloaderms-juanwin32-heur/
Relevancy 40.42%

Accidentally downloaded this virus. Now annoying pop-ups keep appearing. Started with sagipsul but that stopped and now they are just browsers with numbers. When switching applications with ALT Tab I can see numerous black firefox screens open that just have Mozilla Firefox as the title, but you cannot select those screens. Below is the log file. Thank you for your help.

A: Infected with the Juan virus

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the ch...

http://www.bleepingcomputer.com/forums/t/195993/infected-with-the-juan-virus/
Relevancy 40.42%

Hi. Recently my computer became infected with some viruses. I was able to clean it up using Malwarebytes and Spybot. However, there are two registries that keep reappearing after I delete them: MS Juan and MS Track System. I can confirm that they are being deleted and are gone when I reboot my system, but after a short time I start getting ads pop up. When I check the registry they are back. Any help is greatly appreciated. See this posting for reference: http://www.bleepingcomputer.com/forums/t/.../ms-juan-and-ms-track-system

A: MS Juan and MS Track System

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006, read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player

Then,
* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

http://www.bleepingcomputer.com/forums/t/203445/ms-juan-and-ms-track-system/
Relevancy 39.13%

Hi, my computer has been infected with the Vundo virus. SUPERAntiSpyware says the infected files are all in the registry. When I try to remove them with anti-spyware programs they keep coming back. I even tried Malwarebytes but they keep coming back even after I reboot. Here is my Hijackthis log.

A: Can't remove MS Juan from registry and Adware.Vundo Variant/Rel

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, Canarie. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

The log you presented had been a few days away. It may not show what it is. In the meantime, please refrain from making any changes to your computer, and please do the following:

I notice you have run HJT in Safe mode with network support. I hope you can run RSIT in normal mode. Otherwise, run it in either mode.

Step 1
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:
1. RSIT log.txt and info.txt.

Thanks

http://www.bleepingcomputer.com/forums/t/198151/cant-remove-ms-juan-from-registry-and-adwarevundo-variantrel/
Relevancy 39.56%

I started getting pop-ups and noticed my computer had slowed down so I ran avast and found a bunch of trojans of the Vundo type. Avast didn't take care of the problem so I've tried uninstalling and updating Java, spybot, windows defender, adaware and malwarebytes. Doing all of this I seem to have cleared up most of the bad stuff. I am still getting problem found when I run malwarebytes: a registry entry called MS JUAN. I am also still getting the popup window when I am surfing the web. When I remove this entry it comes back instantly. Help is very appreciated.

A: Infected with MS Juan/ Vundo malware Help needed!

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the ch...

http://www.bleepingcomputer.com/forums/t/196631/infected-with-ms-juan-vundo-malware-help-needed/
Relevancy 40.42%

I keep getting random pop ups and it's getting really frustrating. I've run Malwarebytes and keep getting the same two infections no matter how many times I clear them out.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Can you please assist in how to remove these? I will paste my mbam and hijackthis logs.

A: MS Juan and MS TRACK SYSTEM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
- Reply to this thread; do not start another!
- Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
- Do not run any other tool until instructed to do so!
- Let me know if any of the links do not work or if any of the tools do not work.
- Tell me about problems or symptoms that occur during the fix.
- Do not run any other programs or open any other windows while doing a fix.
- Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/192777/ms-juan-and-ms-track-system/
Relevancy 39.99%

Hello, I started getting bad popups from my browsers a week ago, ran malware and removed them then they ended up coming back today.

MS Juan is what I can't seem to uninstall. I ran Combofix already and it cleared up the problem so far but I'm sure I'll get another one very soon.

Here is the DDS attachment.

A: MS Juan And other popups. Problems removing.

Hello Tosiek,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.

The HJT log will open in notepad.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/192276/ms-juan-and-other-popups-problems-removing/
Relevancy 40.42%

Infected with this MS JUAN, I think. Opens pages and pages for spyware sites. After being infected I started getting an error upon start up: RUN DLL - Error Loading - C:\windows\kgilipp.dll - Not Found. Also now I can't even boot in anything other than safe mode. Otherwise screen goes blue with message "Computer is shutting down to protect itself from damage" etc. I've run SuperAntiSpy, AVG, PC-Cillin, Reg Mechanic, Ccleaner; nothing works. Please someone help, I need my computer for working from home. Thanks.

A: MS JUAN VIRUS - CAN'T REMOVE IT

Hello Astrochimp and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/198644/ms-juan-virus-cant-remove-it/
Relevancy 40.42%

Hi all. Last Friday my computer started acting all sorts of weird. Specifically, my desktop background has changed to a blue screen, I get random popups, pornographic icons were installed on my desktop, and the computer often tells me that I don't have permission to press CTL ALT DELETE or disable certain applications. I've scanned my system with SuperAntiSpyware and it identified the problem as MS JUAN and MS TRACKSYSTEM. However, after quarantining/removing, rebooting and rescanning, these files still come up. I'm trying to follow the protocol listed on the "Preparation Guide for use before posting about your potential Malware problem", so bear with me. I would love any help that can be offered; this happened to my work computer, so productivity has been pretty low this week as I deal with this virus. Here are my logs:

A: MS JUAN, MS TRACKSYSTEM, VIRTUEMONDE

Hi tarablelawyer,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your malware issues.

Please give me a little time to go through your log and I will also let you know that I am a trainee so each stage of the fix will need to be checked by an expert before I post so there may be a slight delay. Don't worry, I won't abandon you.

Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes. This can make helping you impossible.
Please reply to this post so I know you are there.

Thanks

http://www.bleepingcomputer.com/forums/t/192883/ms-juan-ms-tracksystem-virtuemonde/
Relevancy 40.42%

Keep getting popups and the viruses keep coming back no matter how many times I remove them using avg, ad-aware.

A: Virtumonde / ms juan / fakealert

Please download Malwarebytes' Anti-Malware from HERE or HERE.
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT.
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply. Post each log in separate post.
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result.

http://www.bleepingcomputer.com/forums/t/194734/virtumonde-ms-juan-fakealert/
Relevancy 39.99%

Thank you in advance for your assistance. My problem is I have a lot of popups when I use the internet. I'm not sure how I got these infections, but I can't remove them. I have taken the following steps to try to fix: I deleted Internet Explorer and installed Mozilla. I downloaded Malware Bytes and ran it several times, both the quick and full scans. Each time it finds and removes the following, but they show back up the next time I run it; sometimes back to back it finds them again:
Malware.Trace Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan
Trojan.Vundo Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System
I have downloaded AVG free and run it, but it does not locate or remove the problem. Then I found this site. I've followed the steps on your site and have run DDS. I am pasting the DDS.txt log here, but the upload function will not allow me to upload the ATTACH.txt log file. I would copy and paste it into this forum but it says to not copy and paste it.

A: Infected -- MS Juan / MS Track System

The Original Q,

Welcome to Bleeping Computer! You may call me Mark. I will be helping you with your malware problems.

Please read the following before we begin:
Please remove any P2P programs you have installed before continuing. Not doing so can cause re-infection and make it much more difficult for us both.
HijackThis logs and the other logs we may need require a lot of research, so please be patient with me. I know you want your PC back up and running as quick as possible, and I will do my best to achieve that for you.
We will be working on malware issues for this particular machine. This may or may not solve other issues with this machine.
The steps must be done in the exact order I give them. If you encounter a step that you do not understand, stop and ask! Don't continue. Also, the same applies if you encounter any errors. Stop there and let me know so I can work out which step needs to be taken next.
Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean everything is clear!
If you can do these things, everything should go smoothly.
_______________________________________________________________________

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Thanks,
markamus

http://www.bleepingcomputer.com/forums/t/191316/infected-ms-juan-ms-track-system/
Relevancy 39.99%

I can't seem to delete the trojan vundo ms juan from my computer. I've tried running ad-ware, super anti-spyware and malwarebytes anti-malware. Every time after I am finished running these programs, a detection occurs and I am asked to remove the trojan. However, every time I check my registry keys again, both "MS Juan" and "MS Track System" reappear. I've continuously run these programs to try and remove the trojan, yet it won't delete from my registry keys. It seems that the only time pop-ups appear is when doing a google search.

A: Infected with Trojan.Vundo (MS JUAN)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system, please.

Please hold on, it may take us a day or so to get back with you.

http://www.bleepingcomputer.com/forums/t/189606/infected-with-trojanvundo-ms-juan/
Relevancy 40.42%

Somehow picked up a lovely virtumonde virus yesterday, have tried everything to get rid of it but it's just not going away!!
Malwarebytes scan picks up the same two infections every time (MS Juan and MS Track in registry) but delete/quarantine won't get rid of them, they just come back in the next scan. Any suggestions?? HJL ATTACHED

A: Virtumonde - MS Juan and MS Track

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/191459/virtumonde-ms-juan-and-ms-track/
Relevancy 40.42%

I've seen a lot of people have this exact same problem, but I'm doubtful the same technique will work on my computer. I seem to have both these Malware installed, and I've ran Malwarebytes' Anti-Malware. I've received this log:

All files have been deleted except MS JUAN and MS TRACK SYSTEM--every time I reboot, or just wait a while for that matter, these files come back. Here is my HiJackThis Log:

A: MS JUAN & MS TRACK SYSTEM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

R,K

http://www.bleepingcomputer.com/forums/t/191386/ms-juan-ms-track-system/
Relevancy 38.7%

Hi. Below the row of asterisks I have attached my Hijack This log. Note: I ran this log after running MBAM and quarantining my two stubborn bugs. So I don't know if the problem will show up in my log. Once I reboot the problem will be back, and maybe I should run this log again then (further explanation is below).

And here is a description of the status of my problem: I was alerted to a malware infection the other night by AVG and Zone Alarm, as well as by the fraudulent "scan your computer" pop-ups and other IE pop-ups (even though I use Firefox) and the fact that I couldn't run Windows automatic updates. Using Spybot and Malwarebytes Anti-Malware (MBAM), I was able to reduce a big infection, including lots of Virtumonde/Vundo bugs and a few Smitfraud-C and MyWay/MyWebSearch bugs, and recover my access to Windows Updates. But two bugs remain, regenerating every time I reboot. They are:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS JUAN (Malware.Trace) and
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MS TRACK SYSTEM (Trojan.Vundo)

When I quarantine/remove these with MBAM, the next scan shows zero infections until I reboot. Then the same two registry key infections show up, just to disappear again until reboot. I'm doing this all in safe mode and my wireless internet radio is disabled. Also, I've tried scanning with Trojan Remove, AVG, VundoFix and Spybot again and they all reveal nothing. I also uninstalled Java and manually removed remaining files, though I can see there are still files remaining in regedit that I'm afraid to mess with. And I've been repeatedly running RegSeeker and cleaning stuff out of some temp folders, though I'm not sure which ones matter and whether I should delete all files including desktop.ini files, etc.

I have downloaded SuperAntiSpyware but haven't used it yet, and it was not able to get updates from the web for some reason (actually I wasn't able to get them for MBAM either), and I've heard about ComboFix but don't know if I need that. I've also read about using Avenger to remove certain targeted files. I don't really understand which to choose and in what sequence or how to use them. I was hoping some kind soul with experience with this particular pattern would walk me through what to do at this stage. Thanks in advance.

A:HJT log for Vundo infection (MS JUAN/MS TRACK SYSTEM) regenerating on reboot

Hello sheara

Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please as your system may have changed since your original post.

Please post your HJT log this way as it's unreadable the way you posted it:

Open HJT, Scan and Save a Log File, it will open in Notepad.
Go to Format and make sure Wordwrap is Unchecked.
Go to Edit > Select All..... Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

http://www.bleepingcomputer.com/forums/t/189312/hjt-log-for-vundo-infection-ms-juanms-track-system-regenerating-on-reboot/
Relevancy 37.84%

I'm having trouble removing MS Juan (Malware.Trace) and MS Track System (Trojan.Vundo) from my laptop, which is running Windows XP Professional SP. I've run Spybot, Malwarebytes' Anti-Malware and Symantec, and I can't seem to remove the trojans. I'm starting to have many pop-ups when using any browser app. Things seem to be running much slower on my PC as well. Any help would be appreciated. Thank you. Here's my HijackThis log.

A:Having trouble removing MS Juan (Malware.Trace) and MS Track System (Trojan.Vundo)

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply.. Post each log in separate post..
1. RSIT log.txt
2. RSIT info.txt
3. Attach GMER result..

http://www.bleepingcomputer.com/forums/t/189994/having-trouble-removing-ms-juan-malwaretrace-and-ms-track-system-trojanvundo/
Relevancy 40.42%

I recently got infected with the Virtumonde malware. I found that it may have exploited one of the several unverified Java add-ons for IE that I have. I disabled these and ran several anti-spyware programs with no results. Eventually I found Malwarebyte's Anti-Malware and this took care of all the threats, but of them returned. After some research I found that lots of people are having the same problem with MS Juan. I've tried every combination of safe boot, normal boot, deleting with Malwarebyte, manually deleting, changing permissions and using a registry security program, and nothing seems to keep these registry keys from returning. Also, in the few minutes since I reenabled my internet connection to run the logs and create this post, more infections seem to have been brought in.

A:MS Juan + MS Track System

Hi,

I see Viewpoint is installed.. Viewpoint is considered foistware instead of malware because it is installed without users approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

Open HijackThis, click do a scan only and place a check next to the following entries:

O2 - BHO: {c47d9e35-a7a5-64d9-2594-a7ed196c83a6} - {6a38c691-de7a-4952-9d46-5a7a53e9d74c} - C:\WINDOWS\system32\lxbify.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - AppInit_DLLs: lxbify.dll

Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.

Reboot and post a new Hijackthis log. Let me know how things are running.

http://www.bleepingcomputer.com/forums/t/190489/ms-juan-ms-track-system/
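The reply above picks out three HijackThis entries: a BHO, a toolbar with no file behind it, and an AppInit_DLLs value naming the same DLL as the BHO. As an added example, not part of the original thread and not HijackThis's own logic, this Python script parses lines of that shape and lists entries a reviewer should look at first; the flagging rules, the function names and the two extra sample lines are assumptions made for illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: the three O2/O3/O20 lines quoted in the reply above,
# plus two made-up benign-looking lines (Example Helper, ExampleTray).
SAMPLE_LOG = r"""
O2 - BHO: {c47d9e35-a7a5-64d9-2594-a7ed196c83a6} - {6a38c691-de7a-4952-9d46-5a7a53e9d74c} - C:\WINDOWS\system32\lxbify.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - AppInit_DLLs: lxbify.dll
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..."; other log lines are skipped.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str     # section code, e.g. "O2"
    kind: str     # text before the first ": ", e.g. "BHO"
    fields: list  # remainder split on " - " (name, CLSID, file for O2/O3)
    raw: str

    @property
    def target(self):
        return self.fields[-1]


def parse(log_text):
    """Turn HijackThis-style entry lines into Entry records."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        kind, sep, rest = m.group("body").partition(": ")
        if not sep:
            kind, rest = "", m.group("body")
        fields = [f.strip() for f in rest.split(" - ")]
        entries.append(Entry(m.group("code"), kind, fields, line))
    return entries


def triage(log_text):
    """Return (entry, reasons) pairs for entries worth a manual look.

    Illustrative rules only: a flagged entry is a review candidate, not a
    verdict, since most of what a log lists is harmless or required.
    """
    entries = parse(log_text)

    # DLL names listed in AppInit_DLLs (value may hold several, separated
    # by spaces or commas).
    appinit = set()
    for e in entries:
        if e.code == "O20" and e.kind == "AppInit_DLLs":
            appinit.update(ntpath.basename(p).lower()
                           for p in re.split(r"[ ,]+", e.target) if p)

    findings = []
    for e in entries:
        reasons = []
        if e.code == "O20" and e.kind == "AppInit_DLLs" and e.target:
            reasons.append("AppInit_DLLs is set: the DLL is loaded into "
                           "every process that loads user32.dll")
        if e.code in ("O2", "O3"):
            if e.target.lower() == "(no file)":
                reasons.append("registration points at no file")
            if e.fields[0] == "(no name)" or CLSID_RE.fullmatch(e.fields[0]):
                reasons.append("no human-readable name")
            if ntpath.basename(e.target).lower() in appinit:
                reasons.append("same DLL is also listed in AppInit_DLLs")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry.raw)
        for reason in reasons:
            print("    -", reason)
```

On the sample it flags the same three lines the helper selected and leaves the two constructed benign entries alone.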
Relevancy 39.56%

I'll try to be as detailed as possible. The kids' computer was infected with massive amounts of spyware (we run McAfee, but somehow they clicked something that bypassed it). I tried to download Spybot S&D (blocked access to internet), was able to download Ad-Aware (but it later shut down access), and then downloaded Malwarebytes and SuperAntiSpyware to a flash drive and installed them on the computer (access to download updates blocked). Additionally, I ran Vundofix (came up with no infection - HAH) and Symantec FXvMonde.

Both MWB and SAS find and "eliminate" the problems, but they come back immediately. As of now, Internet Explorer, McAfee and any updates are not able to access the internet. However, when I took Firefox back over (by cancelling the proxy server requirement the spyware had added), I was able to access. Firefox is now the default browser, but popups are happening there as well.

A:Can't shake the Vundo Variant / MS Juan Blues

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system. Please hold on, it may take us a day or so to get back with you.

R,K

http://www.bleepingcomputer.com/forums/t/190334/cant-shake-the-vundo-variant-ms-juan-blues/
Relevancy 41.28%
Q: MS Juan

Norton did not detect anything but I kept getting random popups on Firefox. Downloaded Malwarebytes' Anti-Malware and Spybot S&D, and while both keep finding MS Juan in the registry and delete it, it keeps coming back. I have made sure that Spybot's TeaTimer is not undoing the deletion and I don't know what to try next. Right now I still get popups, I am getting errors saying that my subscription to Norton is done (still has ish days left), and I usually have a process going named explorer.exe running even though I do not have Internet Explorer enabled on my computer.

A:MS Juan

Hello borke, to BleepingComputer, My Nick is Net_Surfer, and I will be assisting you with your malware issues.

Whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

Please continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!

Please take note of the following:

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown Here.

1. Please do not make any system changes yet, as any changes you make may well alter your log.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Most Important - Only do what I ask you to do.
5. Please reply to this thread. Do not start a new topic.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Please complete the steps below, I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

You should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member or myself, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause some confusion and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from and myself, until we have verified your log as clean.

Step #1). Please Close/disable your anti virus and anti malware programs including TeaTimer, so they do not interfere with the fixing tools we are about to run. Instructions for doing so are located Click HERE

How to disable SPYBOT TEATIMER

Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click on Tools, then click on the Resident Icon in the list.
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
Click on the "System Startup" icon in the List
Uncheck the "TeaTimer" box and click "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done.

(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Important! Reboot to make these changes take effect.

Step #2). Download random's system information tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt ...

http://www.bleepingcomputer.com/forums/t/188878/ms-juan/
Relevancy 40.42%

I keep getting Firefox pop-ups. I ran Malwarebytes Anti-Malware and it says it got rid of it, but pop-ups still occurring. Please help.

A:MS Juan and Trojan.Vundo

Hi, sorry for the delay.

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.
Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply together with the MBAM log you've saved earlier.

http://www.bleepingcomputer.com/forums/t/190403/ms-juan-and-trojanvundo/
Relevancy 38.7%

First off, thank you guys so much for helping me out just a short while ago. I'm pretty good at keeping safe online but somehow got hit with my second virus in just a few weeks. I appreciate what you guys do and do plan on donating to you.

Okay, on with this. I have run Malwarebytes Anti-Malware and ComboFix and attached the logs. It seems that it's two files that just won't go away. They have latched onto Acrobat.

A: MS Juan (Malware.Trace) / MS Track System (Trojan.Vundo)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

First we want to remove Combofix. It's a powerful program and there is no room for error if you make a mistake.

Follow this process to uninstall Combofix. It will also restore a few settings and remove quarantined items.
Click START then RUN.
Now type Combofix /u in the runbox and click OK.

Please download DDS and save it to your desktop.
Disable any script blocking protection.
Double click dds.scr to run the tool.
When done, DDS.txt will open. A second report, Attach.txt, will open next.
Save both reports to your desktop.
Please copy and paste both logs into your next reply.

=============

The next log will show us any hidden files that are present.

Download gmer.zip and save to your desktop. (alternate download site 1, alternate download site 2)
Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the log
You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

http://www.bleepingcomputer.com/forums/t/188570/ms-juan-malwaretrace-ms-track-system-trojanvundo/
Relevancy 40.42%

Note: I've ran Ad-aware, Spybot, CCleaner, Avast, SuperAntiSpyware, Malwarebytes' Anti-Malware, ComboFix, MGTools and HijackThis.

First of all, this is what I can't remove:

Adware.Vundo Variant/Rel
HKLM SOFTWARE Microsoft MS Juan
HKLM SOFTWARE Microsoft MS Juan DJZERO
HKLM SOFTWARE Microsoft MS Juan JKWL
HKLM SOFTWARE Microsoft MS Juan metajuan
HKLM SOFTWARE Microsoft MS Juan meta mg
HKLM SOFTWARE Microsoft MS Juan profiling
HKLM SOFTWARE Microsoft MS Juan superjuan
HKLM SOFTWARE Microsoft MS Juan TrackDJuan

Here is the HiJack log.

A: Help remove MS Juan / Virtumonde

Wow this is a popular malware this week

http://www.bleepingcomputer.com/forums/t/187113/help-remove-ms-juan-virtumonde/
Relevancy 39.99%

About a week ago I started getting pop-ups. After exhaustive scans using Norton, Malwarebytes and Super Antispyware I was still left with MS Juan and MS Track System. The pop-ups are an annoyance and I occasionally get the dreaded Antivirus and Antivirus pop-ups. About days ago I switched from Norton Antivirus to AVG. Now no matter how many scans I run and no matter how many times I quarantine/remove the threats, they still come right back. I have tried to remove some of the files manually but to no avail. Please help me get rid of these ridiculous things.

Here are the requested logs.

A: Infected with MS Juan/MS Track System

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Orange Blossom

http://www.bleepingcomputer.com/forums/t/188313/infected-with-ms-juanms-track-system/
Relevancy 35.26%

Greetings, I have been struggling for over a week to remove a bad infection of what seems to be multiple viruses including Virtumonde, Vundo.H, Rootkit TDSServ, MS Juan and MS Track System. I had Super Super Anti Spyware at one point as well.

I have read numerous forums and have followed instructions to run the latest versions of SpyBot S&D, Adaware, SuperAntiSpyware, MalwareBytes Anti-Spyware and VundoFix. While I seemed to get the infection(s) against the ropes, it continues to persist and re-populate itself and others on my PC. The PC runs slow, I get Firefox pop up windows, and my Internet Explorer settings have been dropped to accept all cookies even when I change them back to default. I was running an older version of Java which I have since uninstalled. I have downloaded and installed the latest version.

RSIT HJT Data Report follows. Please help me.

A: Vundo Variants: MS Juan / MS Track System / Vundo.H / Virtumonde / Rootkit TDSServ

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Orange Blossom

http://www.bleepingcomputer.com/forums/t/188393/vundo-variants-ms-juan-ms-track-system-vundoh-virtumonde-rootkit-tdsserv/
Relevancy 39.56%

Hello all, I recently got rid of most of a Virtumondo infection off this system. Everything except for "Malware.Trace" (MS Juan). I've run everything but it reappears after it's been "removed". The only other symptom still present is pop-ups.

My HijackThis Log:

A: Malware.Trace (MS Juan) Keeps coming back!

Hello FFg64,

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {1137f5fe-5815-41cf-a581-17a0948b9fbf} - (no file)
O2 - BHO: (no name) - {20B3988A-7503-42F8-A5A2-022A309B83A4} - (no file)
O2 - BHO: (no name) - {F352626F-9196-47B7-9424-A7EB6AE406C3} - (no file)
O20 - Winlogon Notify: cbXRHbbX - C:\WINDOWS\

Close all browsers and other windows except for HijackThis!, and click "Fix checked".
Reboot your computer.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Quick Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 * Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/188678/malwaretrace-ms-juan-keeps-coming-back/
Relevancy 39.56%

I've been having problems with viruses recently so this seemed like the logical place to go. I had two major infections of smitfraud and virtumonde. I think smitfraud is gone but I'm pretty sure virtumonde is still there because when I run Malwarebytes' Anti-Malware I still get

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

for my registry key infections. I've seen A LOT of people have this exact problem but I am not sure if the methods I saw them fix it with will work for me. The problem on the computer is pop-ups every so often, usually only when I switch websites. If I stay at a site for a while the pop-ups stop.

Anyway, here is the DDS log.

A: MS Juan and MS track system(virtumonde or smitfraud?)

Hi, ericgarfinkle. Welcome.

Please download Malwarebytes' Anti-Malware from Here or Here.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
Install the Recovery Console upon request.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://www.bleepingcomputer.com/forums/t/189486/ms-juan-and-ms-track-systemvirtumonde-or-smitfraud/
Relevancy 39.56%

Bleep this, I need help. I can't get rid of Adware.vundo Variant/rel MS Juan. I've followed a couple of steps and it deletes some of it, but not all. I've tried Malwarebytes' Anti-Malware, as it does find it and delete it. I then do another system scan and it reappears. Here's my log for MBAM and HijackThis.

A: Adware.vundo Variant/rel MS Juan Infection. It won't go away.

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Orange Blossom

http://www.bleepingcomputer.com/forums/t/188213/adwarevundo-variantrel-ms-juan-infection-it-wont-go-away/
Relevancy 40.42%


A: Targetted with virus MS Juan

Hello! My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.

Please download random's system information tool (RSIT) and save it to your desktop.
Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

http://www.bleepingcomputer.com/forums/t/178649/targetted-with-virus-ms-juan/
Relevancy 79.55%

Okay, this is really, really annoying. I can't seem to track the root cause of the infection, and it keeps coming back after restart or on invocation of IE, even though MBAM reports successful removal. Any help greatly appreciated. Logs from HJT and MBAM attached.

A: Highly resistant Vundo/MS Juan/MS Tracker infection

I ran a full rather than quick scan using MBAM; below is the log...

Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 3

08/11/2008 20:59:54
mbam-log-2008-11-08 (20-59-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 156629
Time elapsed: 36 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{8D06E455-D60E-403F-A815-2D6313C268D7}\RP61\A0015442.dll (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

http://www.bleepingcomputer.com/forums/t/178713/highly-resistant-vundoms-juanms-tracker-infection/
Relevancy 41.71%

Hi there. A few days ago I contracted the nasty Cool Web Search adware/malware program from a pop-up from the imageavenue website. I was using Avast virus scanner, which I am no longer using because it seemed to be letting various trojans in, so I ran a scan with AVG and it detected it and removed it. However, I have begun having trouble with tracker cookies. Whenever I am browsing online my AVG will pop up on Resident Shield telling me a tracker cookie attempted to run, such as Adrevolver & Tacoda.

I ran a scan with Ad-Aware and found an infection in my registry, which has now been removed, and several infections in my cookies. I followed the program and removed them. I then ran a search with Spybot, which came up clean, a virus/malware check with AVG, and ran a scan with McAfee Stinger as instructed on this site, and came up clean. I restarted my PC thinking everything was now fine. However, when I started browsing again the tracker cookie warnings were once again popping up. I ran a scan with Ad-Aware and the infections which I had removed were now back. I cannot seem to get rid of them and it has me really worried.

Every time I change my security settings to block all cookies, once a tracker cookie warning pops up it resets it to accept all cookies, and occasionally I am still receiving pop-ups, which leads me to believe the adware/malware may have not been totally removed from my system. Can anyone please, please help? I am really losing sleep over this; I have never had anything like this happen before. Thank you for reading.

A: Web Search / Tracker Cookies

Update:

The Exact Programs found by my AVG Were

ADWARE: Generic.IIJ
ADWARE: CoolWebSearch

They are both in my virus vault but still having problems

I have also found NvCPL in my System Configuration Utility

http://www.bleepingcomputer.com/forums/t/178061/web-search-tracker-cookies/
Relevancy 40.42%

I've tried all the programs listed, but it seems to reboot itself once Firefox or IE is open. Please help. Thanks. Here's my hijack log.

A: Trojan.Virtumonde / MS Juan

please help, thanks.

http://www.bleepingcomputer.com/forums/t/174265/trojanvirtumonde-ms-juan/
Relevancy 40.42%

Hi there. A friend of mine asked me to look at their computer, and judging from the symptoms and DLLs popping up it looks like Vundo. Here is the HJT log.

A: Need Some Help With Vundo (includes Ms Juan)

Hello, Fd13. Welcome to BC.

Before we get into the fixes, please disable Spybot's TeaTimer, as it may interfere with the process.
Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click on Tools, then click on the Resident Icon in the list.
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
Click on the "System Startup" icon in the List.
Uncheck the "TeaTimer" box and "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done.
(When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware and save it to your Desktop. Alternate download location Alternate download location
Double-click mbam-setup.exe to install the application.
Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please post that log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

In your next reply, please include the following:
Log from MBAM
Log from Combofix

http://www.bleepingcomputer.com/forums/t/172159/need-some-help-with-vundo-includes-ms-juan/
Relevancy 80.41%

Hi All

I have kaspersky IS installed with PC Tools Spyware doctor. It reported quite many problems on latest scan along with one persistent problem of VirtuMonde trojan. It has also added registry value MS JUAN and MS Track System under HKLM\Software\Microsoft. I am unable to clean these registry problems; whenever I manually delete them it reappears. Following is the hijackthis log. I shall also post combofix results once I am done with it.

TIA

A: Ie And Ff Not Working, Traces Of Virtumonde And Ms Juan, Ms Tracker

Hi

First please uninstall KASPERSKY & see if the problems with IE & FF persist?
Post a new hijackthis log with KASPERSKY uninstalled ...

THEN ...

Please run a Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner.
Click on Kaspersky Online Scanner.
Click Accept.
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT.
Now click on Scan Settings.
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives, Scan Mail Bases
Click OK.
Now under select a target to scan: Select My Computer.
The program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Once finished, save the log to your Desktop as filename KAV.txt

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam

http://www.bleepingcomputer.com/forums/t/169769/ie-and-ff-not-working-traces-of-virtumonde-and-ms-juan-ms-tracker/
Relevancy 40.85%

Hi guys

Having issues with pop up ads in ie, spy shredder prompts, antivirus and general slow running pc. I've run adaware, spybot and spynomore with no effective end to the problem, although the reoccurring issue is virtumonde, vundo, msjuan. Have looked up other posts, namely here, and followed Thunder's advice in points and

Could you please look at my hijackthis and malwarebytes logs and offer any more advice on how to remove this stuff for good please.

Thanks
DM

A: Ms Juan And Vundo

Hello to everyone,

One of our PCs has been infected with virtumonde and I need to bring in the heavy guns. If anyone can help, it'd be much appreciated. Here goes...

Symptoms are very slow running speed, low virtual memory warnings, pop up ads in IE7, occasional spyshredder sales pitches, occasional antivirus 2008 sales pitches. virtumonde and vundo picked up by spynomore, removed, then after reboot, more pop ads in IE7.

My PC is connected to a work server, but because we are small business we don't have an administrator as such, I've been lumped with the job. I've got a little experience and know how, but would love any advice from experts.

I've had a look at other posts and have now downloaded hijackthis and cleared IE temporary files. Here's the log:

Please help!
Thanks
CC

http://www.bleepingcomputer.com/forums/t/165337/ms-juan-and-vundo/
Relevancy 40.85%

Hi, help please.

Norton told me I had vundo and claimed to have removed it but I'm still getting unwanted pop-ups and slow downs when I launch a browser window (ie or mozilla).

Malwarebytes keeps finding:
Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace)

Kaspersky log is as follows:

A: Help Please Vundo Ms Juan

Hello Nicktpp and welcome to BleepingComputer,

1.
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below.
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.
* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.
If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/157913/help-please-vundo-ms-juan/
Relevancy 41.28%

Hello

This is my first post so I apologize if I did something wrong. I've been having trouble getting rid of Vundo and Darksma from my computer. I read several websites regarding these and did some of the suggestions. Norton only downsized the Vundo problem. Kaspersky couldn't find anything wrong with my computer. What finally removed majority of my problems was Malwarebytes. Now I only have ms juan still showing up and after being quarantined it keeps coming back. Also for some reason I am unable to get my cookies enabled to log on to check my webmail. IE is marked to accept cookies so I do not know what's stopping me.

Thank you for all your help in advance.

A: Ms Juan & Pop Ups

Hello lbspeedyx and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/154220/ms-juan-pop-ups/
Relevancy 40.42%

I've been working on cleaning up my computer for at least the past four days and Spyware Doctor and other scanners still see traces.

Background: Computer and especially IE was running very slowly and popups occurred.

Many steps have been taken until now and I'll try to summarize. Frustrated with Norton Anti-Virus, which detected nothing, I uninstalled it and installed AVG Free. I also downloaded and ran both Ad-Aware and Spybot S&D. After multiple times scanning, cleaning and rebooting, Spybot would still detect Virtumonde dll. From there I downloaded HijackThis and RegCleaner. With those programs and by using Windows's Add/Remove Programs I trimmed down as many unnecessary programs and startup files as I could recognize. I googled HijackThis lines and removed missing files and lines that were found to be harmful by forums such as this one. After that all scanning methods were run again and the computer seemed to become considerably more stable. However when I scan with AVG it usually finds over warnings adware and I have observed "MS Juan" in certain lines.

I am pleased so far and now I am interested in really getting my computer to be as clean as possible and keeping it that way, ie fewer startup processes and regular system scans and spyware checks. I just looked over Buckeye Sam's response to someone else's MS Juan infection and will follow those same steps to finalize and clean the system, ie OTMoveIt, Disable/Enable System Restore and installing Spyware Blaster. I am currently running Kaspersky's Online Scanner and will shortly run the DSS.

Thank you in advance to all those who have helped others with their obviously frustrating problems; they and I definitely appreciate all the knowledgeable advice, time and dedication to being helpful computer dudes.

A: Virtumonde, Ms Juan, And Friends

Since last post:
Have run combofix two times (first time the computer restarted during the process).
Will now provide Kaspersky log results as well as both DSS logs. HijackThis log is available on request, as well as ComboFix log.

http://www.bleepingcomputer.com/forums/t/154130/virtumonde-ms-juan-and-friends/
Relevancy 40.85%

Hi,
Here are the log files I got after running dss. I have attached the other logfile 'extra.txt'.

A: Ms Juan Malware

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\humkgygn.dll
C:\WINDOWS\system32\kptskkmv.dll
C:\WINDOWS\system32\trpijiie.dll
C:\WINDOWS\system32\ranmtbbb.dll
C:\WINDOWS\system32\itdiigua.dll
C:\WINDOWS\system32\ytsdvvwj.dll
C:\WINDOWS\system32\ivesfqtl.dll
C:\WINDOWS\system32\geeflaly.dll
C:\WINDOWS\system32\fhlgcitt.dll
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

================

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Also post a new log from DSS.

http://www.bleepingcomputer.com/forums/t/153025/ms-juan-malware/
Relevancy 40.85%

Well, for the last 2 days I've been having vundo problems. I've tried using malwarebytes, atf-cleaner, superantispyware, and vundofix. I've gone from having 30 or so infections down to just 1 - ms juan. Only malwarebytes can find this recurring key registry problem. It says it quarantines the problem, yet it keeps reoccurring after I reboot.
So now I don't know what to do. I downloaded dss and just ran a log and received 2 txt files which I have attached. Also I cannot say I'm great with computers so slower step by step help would be appreciated.
Thank you

A: Ms Juan And Vundo

Hello masterbraz and welcome to BC. Let's see what we can find. Please follow the steps below in order:

First, it appears that there are multiple anti-virus applications running on this computer (Symantec and Avast). Running more than 1 anti-virus application at the same time can cause file access and resource issues and if there is an infection the multiple programs can actually block each other from dealing with the infected file(s). I highly recommend that you choose which application you want to keep and uninstall the other one(s) to prevent these problems. After that, continue with the rest of the steps.

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/152488/ms-juan-and-vundo/
Relevancy 40.42%

I have a PC running McAfee and a few days ago the computer slowed right down and the internet was virtually useless. I scanned the computer and it showed the Ms Juan and Virtumonde. I have used MBAM and I think I got rid of the Virtumonde, however the Ms Juan still persists. Can anyone help me remove any remaining viruses? As instructed, here are the Kaspersky and DSS logs.

Kaspersky: Can post if needed, but apparently made this post too long.

DSS and HijackThis:

A: Ms Juan And Virtumonde Removal

Hello, and welcome to the forum

I'm sorry for the delay, the forums are very busy. If you still need help, please post a new Deckard's System Scanner log and give a description of how your computer is currently running.

http://www.bleepingcomputer.com/forums/t/148796/ms-juan-and-virtumonde-removal/
Relevancy 39.99%

Hi, I've been trying to get around this thing on my own for a while now but I'm having no luck. I have tried MANY types of scans including ComboFix, VundoFix, SpyBot, SUPERAntiSpyware, Kaspersky Online and my McAfee. No luck with anything. I've tried doing similar routines that other people tried in their topics but had no luck as the files weren't exactly the same. Here is my HJT log:

A: Virtumonde, And New Juan Downloader. Hjt Log Inside, Help! Please

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please go to this page and scroll down to step 6.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Follow the directions there to run DSS and then post those logs back here in your next reply.

http://www.bleepingcomputer.com/forums/t/146944/virtumonde-and-new-juan-downloader-hjt-log-inside-help-please/
Relevancy 40.85%

Hello. My computer has recently started to slow down and receive strange pop-up ads when I opened Internet Explorer, and I couldn't open some websites. After a bit of research I got a copy of Malwarebytes' Anti-Malware and found out that I had the Virtumonde malware. After a lot of research I removed it successfully with VundoFix. Just to be on the safe side I ran MAM again and discovered that I had caught the MS Juan virus after the removal of Virtumonde. Virtumonde was the only malware it was detecting until I removed it; now it is MS Juan. I still get pop-ups, to a lesser extent though, and my computer is still running slower than usual. I can easily delete it from my registry but it comes right back when I open Internet Explorer. The more sites I visit, it seems to gain extra file names such as MetaJuan, Superjuan and others, all in the MS Juan directory in the registry. I have been doing lots of research and after reading all of the HijackThis solutions I have found that there is no one solution to the problem, as they are different from mine and the others. Taking into account the different usernames and possible programs. My system restore points go to the exact point after I caught Virtumonde. So I have decided to post a log of my own. For some reason the extra.txt did not open. I tried posting before and it turned out I had the wrong copy of HijackThis, so I got the new one, ran DSS, and I only got Main.txt this time.

Main.txt:

A: Ms Juan Infection

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/146246/ms-juan-infection/
Relevancy 39.99%

Hi, I think I have the juan virus. I have been getting strange system error messages and browser hijackings. I have run combofix but am still getting slow responses from I.E. Please advise.

HJT LOG:

A: Infected With Juan? Combofix And Hjt Logs

Hello redalert
Welcome to BleepingComputer

========================

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

http://www.bleepingcomputer.com/forums/t/142480/infected-with-juan-combofix-and-hjt-logs/
Relevancy 34.83%

I have had my anti-virus Avast continuously pop up saying I have a trojan. I delete it and then run XoftSpy SE; it also detects vundo and winfixer and downloader-New Juan VM. I have also ran SUPERAntiSpyware. It also tries to remove it all, to find out it is still on there. I have also ran Stinger; it found nothing. I am running Windows XP. Also, when I do this, there are others who also have different user names on it; do I need to access each user and repeat the process for each user? Sorry, not sure of these things. I have also experienced continuous popups wanting me to download spyware antiviruses, and to try and get rid of these are a real pain because they just keep popping up.

A:Infected With Trojan Winfixer,trojan Downloader-new Juan/vm, And Vundo

Hi,

* Download ComboFix from here. **Save it to your desktop**

In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated every day.

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

* Double-click combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

http://www.bleepingcomputer.com/forums/t/115034/infected-with-trojan-winfixertrojan-downloader-new-juanvm-and-vundo/
Relevancy 41.71%

I had "pest tracker" appear on my computer and has been acting strange ever since. I have deleted the program and am still not right. I am running Windows XP, and screen saver and desktops are not acting like they are set. I have noticed that all of my 'KB' files in windows were created about weeks ago in the middle of the night and there are matching hidden 'KB uninstall' folders created at the same time.

A:Pest Tracker Infection

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run Hijackthis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://64.124.210.159//alla/server.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O21 - SSODL: systemp - {FB2CD720-F640-11D9-A2DD-444553540000} - systemp.dll (file missing)

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):

C:\ARCHIVE.MHT
c:\eied_s7.cab
c:\ex.cab
c:\ex.cab
C:\Windows\System32\systemp.dll

Reboot your computer to go back to normal mode.

Then do the following:

Download Combofix to your desktop.

Double-click combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt. Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

http://www.bleepingcomputer.com/forums/t/112308/pest-tracker-infection/
Relevancy 40.42%

For a couple of weeks my computer has been suffering from a bad case of adware that's been clogging up my memory. I went through Virtumonde Be Gone, trying remedy to remedy, and I have followed the steps suggested and had to use the beta of Safari for Windows by Apple to escape the pop-ups. Here's the HJT log.

A:Trojan.juan.h, Virtumonde, And More I'm Sure.

Hello tekken5guy,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

http://www.bleepingcomputer.com/forums/t/100814/trojanjuanh-virtumonde-and-more-im-sure/
Relevancy 27.52%


A:Troj Agent.gzu, Troj Juan.d, Troj Vundo.fx, Tr/spy.vundo

Welcome to BleepingComputer wolfdown

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT

Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary.

If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT

1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

*********************************

Now go to: C:\HJT\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

http://www.bleepingcomputer.com/forums/t/84003/troj-agentgzu-troj-juand-troj-vundofx-trspyvundo/
Relevancy 41.71%

This forum was extremely helpful to me in ridding my computer of a nasty virus last year. Thanks to that process we have ZoneAlarm installed - but missed an update, and apparently that was when something slipped through. Over the past couple of months we have been experiencing more pop-up ads, though nothing as egregious as the assault a year ago, but even more frustrating is the common occurrence of the browser locking up or freezing, presumably because it's off searching for some ad URL. We also have Ad-Aware and SpyBot installed, though thanks to ZoneAlarm we haven't felt the need to use them as frequently. But before running HJT I did run them both, plus BitDefender and Stinger, per the instructions. It may be worth noting that I get a Windows error message when running HJT ("HJT has generated errors and must be closed", that kind of thing). Here's the log.

A:Cookie Tracker? Z-start, Think-adz

Hello,

* Go to start > controlpanel > software > Add or Remove Programs and uninstall next if present:

Think-Adz Search Assistant
Enhanced Ads by Think-Adz
BrowserUpdateSched

I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006, read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Reboot afterwards!

After reboot,

* Download Brute Force Uninstaller.

Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly: http://metallica.geekstogo.com/xpcompressedexplanation.html

Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture:

When you click that icon, a little window will open that says: 'Please enter the full URL to the script you want to execute'

In the field, copy and paste next URL: http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok. Then click execute in Brute Force Uninstaller.

Extra note: If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script ( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window. Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\Run: [{2D-D1-1F-F0-ZN}] C:\WINNT\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\qwinsoeh.exe FI002
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINNT\system32\klexhlsc.dll",setvm
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\qwinsoeh.exe
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINNT\system32\shdocvw.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Please download, install, and update AVG Anti-Spyware

Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Cl...

http://www.bleepingcomputer.com/forums/t/76470/cookie-tracker-z-start-think-adz/
Relevancy 42.14%

Something called pest trap installed on my computer without my consent and I can't uninstall it. Adaware finds something but locks up when I try to delete it. Here is my log, thanks.

A:Pest Tracker

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread. Then I'll take a look.

Also, please start with installing an antivirus and firewall as well, because it doesn't make any sense that we try to clean this up if nothing is preventing malware getting reinstalled again.

AVG, Avira OR Avast are good FREE antivirus.

Never install more than one antivirus scanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!

Zonealarm, Agnitum Outpost Free OR Kerio are FREE firewalls. Understanding and using firewalls

Perform a full scan with your antivirus and let it delete everything it is finding.

Then post a new hijackthislog.

http://www.bleepingcomputer.com/forums/t/55514/pest-tracker/
Relevancy 40.42%

Hi people. I have been trying to clear this problem for months now and am absolutely desperate. Images either do not load at all, load very slowly, or very selectively and not always. Occasionally all works fine for a while but gets progressively worse. Happens in IE as well as FF, but only eBay images are affected. Other trading sites and auction sites no problem, general surfing no problem - just eBay. Suspect I may have picked up a Trojan or Data Miner that is tracking my searches. Have also noticed that 'Saved searches' that should send daily emails are not working, but the site appears not to be a 'fake' - appears to be the genuine article, but how would I know? I have a Custom PC, Windows XP, Intel Core Quad, Firefox & IE. Have attempted to find malware with MBAM to no avail. Have tried every other 'trick' available to improve eBay images. Have tried uninstalling Virus software. Checked for Add-on incompatibilities. Tweaked the registry via 'pipelining' and other similar tweaks to improve images downloads. Emptied Temp folder, cache etc. No improvement. Defragged, decluttered, Disc Cleanup, the lot. No change. Nothing I have done is working. Have even tried logging in from a different computer and same problem is there, so assume it is 'linked' to my eBay ID somehow. Can anyone suggest what else I could do?

A:eBay images slow; believe a 'tracker' of some kind at work

I am still waiting for someone to assist me with this issue.
 
Have been doing some reading on other forums and it might be I have some sort of 'Click-thru' issue.
 
The other issue that I didn't mention is that the pop-up ads don't work either, but I don't believe I have any ad-blocking software active - at least, not that I have installed..!
 
Can someone please help me.......

http://www.bleepingcomputer.com/forums/t/485107/ebay-images-slow;-believe-a-tracker-of-some-kind-at-work/
Relevancy 41.28%

I have been having problems with my laptop for a few days. It began with popups about fake virus-scan programmes, then wouldn't allow me open any files or programmes, and it can't connect to the server for the internet although the connection is strong. It has also reverted back to old-school Windows design with grey toolbars etc. Having run scans I found that it is being caused by three atdmt cookie trackers that are detected by AVG. The first time they were moved to the vault and I emptied it, but when I ran the scan again they still appeared, and the next time it said that they were moved to the virus vault but they didn't appear in the vault. At the moment I am able to run programmes and open files again but they're slow. The internet won't work so I am unable to download any of the programmes to get the log you require. Any help or advice would be very much appreciated. Thank you.

http://www.bleepingcomputer.com/forums/t/320269/atdmt-cookie-tracker-virus/
Relevancy 42.14%

I have a law office and think my system may have been hacked by a competitor or I'm just psychotic. Either way thought I'd look into the above question and see what the smart folks' thoughts were and at worst maybe kick this old dog of a computer back in gear and make it worth using again. So assuming I was hacked I tried first to rid the eval bug but evil malware instead - cheap bastard that I am - then I figured hey I'll just learn programming cause I got such a good grade when I took BASIC in 1983, should be no sweat. Fools rush in, they say. Anyway, had the benefit of at least taking my brain off idle and getting me interested in something again. Therefore, if there's a Guru out there willing to put me through the paces it'd be appreciated.

Mike

http://www.bleepingcomputer.com/forums/t/300217/hacker-tracker/
Relevancy 40.42%

My home computer is infected with a rogue spyware scanner with the title "Security Tracker" and it stops all attempts to remove it. It cancels Malwarebytes scans. It shuts down the Task Manager. It prevents booting in Safe Mode - a Windows blue screen of death displays and locks the computer. If you cancel the scanner by hitting the X it freezes the computer with a big warning screen. I tried reboot from a previous version and scanner still launches. I searched your forum, Google, Symantec and other sites and find no references to "Security Tracker". From reading similar posts in this forum it sounds like I have a rootkit. I've successfully removed other spyware scanners before with Malwarebytes and Spybot. This one has me stumped. If I can get to my hard drive to do a backup - I would just reformat the hard drive and start over. Or if there is a way to get rid of Security Tracker, I greatly appreciate any help. I'm on a business trip and won't be home until later in the week to fix the home computer.

A: Security Tracker - stops Malwarebytes and Task Manager

You could try this to get at your important files: http://www.howtogeek.com/howto/windows-vis...ndows-computer/

http://www.bleepingcomputer.com/forums/t/259312/security-tracker-stops-malewarebytes-and-task-manager/
Relevancy 41.28%

Hello Everyone! I've been having a GREAT deal of trouble removing a virus from my computer. All of my Google searches seem to be redirected by something called search-tracker.net.
This has been frustrating the hell out of me for weeks now. I found that some other people have been helped here at Bleeping Computer with the same problem, so I figured I'd register and see if I can't fix this thing once and for all. I can't install Spybot without getting the blue screen of death, and ComboFix won't even open the installer. PLEASE HELP! This is really getting old.
-Quinn

A: NASTY Virus. Search-tracker.net help

Hello and welcome.

First, I am moving this to Am I Infected from Vista for scans.

Now don't worry about SpyBot and do NOT run ComboFix on your own.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe, then save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/241222/nasty-virus-search-trackernet-help/
Relevancy 42.14%

When I'm searching for something on Google and I try to go to the link, it always redirects to search-tracker.net. Done a search and read to download Malwarebytes, so I downloaded it and changed the name from mbam-setup.exe but it still won't run. Have no idea what I am doing.
Thanks Eric

A: search-tracker.net

Please download SmitfraudFix.
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

http://www.bleepingcomputer.com/forums/t/238477/search-trackernet/
Relevancy 41.71%

Hey, I'm having the same problem described here: http://www.bleepingcomputer.com/forums/t/236262/search-trackernet-virus-help/ However, when I try to run antivirus programs, nothing happens. I attempted to use the Malwarebytes program suggested but it won't run. When the installation is finished, it says that the program encountered an error and must close. When I try to run the program, nothing happens. I am running 32-bit Vista in case that is pertinent information.

A: Search Tracker Net Virus

Moved from hjt to a more appropriate forum. Tw

http://www.bleepingcomputer.com/forums/t/237136/search-tracker-net-virus/