Windows Support Forum

Solved: Trojan horse Downloader.Generic6.WIR in c:\windows\system32\cfgmgr3.dll

Q: Solved: Trojan horse Downloader.Generic6.WIR in c:\windows\system32\cfgmgr3.dll

Hi, AVG keeps telling me it's there but I cannot get rid of it. This is the HijackThis log.


A: Solved: Trojan horse Downloader.Generic6.WIR in c:\windows\system32\cfgmgr3.dll

https://forums.techguy.org/threads/solved-trojan-horse-downloader-generic6-wir-in-c-windows-system32-cfgmgr3-dll.670944/

My AVG software keeps finding this but I can't get rid of it. It is Trojan horse BHO.BLR, found in system32/CFGMGR3.dll. Can anyone help?


Hi techsupportforum,

My PC has been running very slow and AVG Free Edition keeps reporting an infection called mmc.exe: Trojan Horse Downloader.Generic6.STC. Location: C Documents and Settings Tom Application Data pPatch mmc exe. I have run Adaware & Stinger as well as AVG Free to no avail. Also ran the recovery disk and created partition F after contacting the vendor's (Mesh) support desk. Please note Tom is the user name on F but it was Tom on C. Hoping you can help.

Thanks,
Boyscott

A:mmc.exe Trojan Horse Downloader.Generic6.STC

BUMP

as per 5 steps

http://www.techsupportforum.com/forums/f100/mmc-exe-trojan-horse-downloader-generic6-stc-203223.html

This trojan will not let me access my files. Any desktop icon I open opens an installer for Microsoft Money 2003. I can open some programs, such as AVG and AOL. I cannot access any of my files, Control Panel and such.

I have contacted Reid via Private Message and he has sent me to Sticky Topic. I was asked to follow the five steps. I was only able to do step 3, download Spyware Blaster. I am at a loss at this point.
I would add that, before I found this website, I deleted all Temp In. files on all four accounts on my laptop.

A:Trojan horse downloader. generic6.SJK

Hi Randy,

I need a set of logs to work from. Did you download Deckard's System Scanner?

Here are the link and instructions once again:

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box:

C:\Deckard\System Scanner\extra.txt

Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt

**If you cannot run the dss.exe, run dss.exe again, but use these instructions:

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce main.txt and extra.txt for you. Post both of those reports here so we can get started.

http://www.techsupportforum.com/forums/f100/trojan-horse-downloader-generic6-sjk-195903.html

Hallo there, I have the same problem as bobfunland: a trojan that cannot be scanned and healed. I would like to know if I can paste the log that Buckeye Sam gave him to solve the problem, or if I need a personalized one. Anyway, Combofix is ready on my desktop. Could anyone help me? Thanks. I leave the topic address and what bobfunland wrote to explain my problem: http www bleepingcomputer com forums lof hp t html

bobfunland wrote:
Greetings, I want to thank you prematurely for taking the time to fix my problem. I seem to have acquired a Trojan. I'm fairly seasoned in taking care of virii and such, so it was a surprise to me to find that I could not eliminate this one. It's causing pop-ups to appear as both IE windows and Firefox tabs. Nothing detects it when I scan; the only reason I know anything about it is that AVG Anti-virus keeps popping up saying "Threat Detected". Clicking "Heal" or "Move to Vault" does nothing. Furthermore, when I attempt to search for the file -- C Windows Gwang exe -- that AVG points to as causing the Trojan Downloader.Generic6.YUU to run, it does not exist. Even with hidden files turned on, etc. I know the drill. I've wiped out Vundo and Smitfraud and tackled more Trojans than can fit in a wooden horse.

A:Trojan Horse Downloader.generic6.yuu

Welcome to Bleeping Computer, piccipuota20. You must post your own logs; each PC has differences and each repair can be specific to the user.

Preparation Guide for use before posting a HijackThis Log

http://www.bleepingcomputer.com/forums/t/128658/trojan-horse-downloadergeneric6yuu/

Hey guys, I'm usually pretty good at getting rid of stuff, but a friend's computer has me a little stumped, and with all the different setups, anti-virus programs and definitions, the searches I've done for fixes are not quite specific enough for me. After opening Control Panel, AVG pops up with a trojan horse downloader.generic6 virus alert: "Trojan horse Downloader.Generic6.WGF detected while opening the file C WINDOWS system adsn dll". Here is the HijackThis log.


I have tried a variety of ways to remove this that were recommended on the web, yet each one has been unsuccessful. I have seen others on this website with a similar problem and you have been able to help. I would really appreciate your help. I'm frustrated and desperate. Below is my HijackThis log.

https://forums.techguy.org/threads/trojan-horse-downloader-generic6-wgf.662761/

Hi, am new to this forum and am impressed by the quality of the replies to the posts that I have read. At the moment I am using my laptop, but my problem is with my desktop PC. I am running it with Win XP Pro. I downloaded a file from seriall com and AVG said that it detected a trojan: Trojan horse Downloader.Generic6.AMBN. I hit heal and it says that it has fixed the problem, but my desktop has been erased, at least the access to it has been impaired, and I keep getting the pctv me start page. I went to Google and got zilch, and AVG talks about Trojan horse Downloader Generic PFM, but the instructions weren't at all clear. Are these the same trojans? How do you remove them, or the one I have in my PC? I tried starting up in safe mode but can't get to anything. No desktop, no way to access programs that I know of. I have no way of getting to start menu. I do have access to the BIOS but that is it. Please help me. Thank you very much.

Moved to more appropriate forum. boopme

A:Trojan Horse Downloader.generic6.ambn

Hello shotgunharry1 and welcome to BC

You say that your desktop is impaired.

In normal mode, is the start menu functioning and appearing properly?

Are you able to access the run command?

Can you call up the task manager?

Are you able to connect to the internet with the computer?

Orange Blossom

http://www.bleepingcomputer.com/forums/t/134925/trojan-horse-downloadergeneric6ambn/

I think a lot of people just got infected with this. My computer has been acting strange the last few days. Couldn't run AVG or Crapcleaner. The mapped buttons on my Logitech keyboard weren't working properly. Couldn't uninstall AVG so I did a reinstall over the existing version. Ran it and found several files infected with the Trojan Horse Downloader.Generic6.AGDE virus. I found that every file that AVG reported as infected was kb with a date of AND a directory named "bak" had been created under the directory of the infected file, which contained the good file that was moved there and replaced by the kb file mentioned above with the same name. Currently I moved all the infected files to AVG's virus vault and moved the good files in each "bak" directory to their proper location. Doing another scan with AVG to make sure nothing else is found. Will also do Spybot scan, then reboot and see how things are. This is weird since I keep AVG and Spybot up to date and resident. Also do scans weekly. I wonder how it got to me.

https://forums.techguy.org/threads/trojan-horse-downloader-generic6-agde.679080/

AVG has found this Trojan horse Downloader.Generic6.ACAV. I looked on the web and looked on BitDefender but I can find no record of this. AVG can not heal it in the virus vault. It says:
Trojan horse Downloader.Generic6.ACAV
C:\WINNT\system32\adrCo01\ardCo011065.exe
backup copy infected
Can anyone help a newbie to the web? Thanks, adi321

A:Trojan Horse Downloader.generic6.acav

"AVG can not heal it in the virus vault"

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "False Positive". If that is the case, then you can restore the file. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be bad, you can delete it at any time.

"Understanding AVG7 Free Virus Vault"
"AVG FAQ #647: I have some files in the AVG Virus Vault. What next?"

http://www.bleepingcomputer.com/forums/t/123828/trojan-horse-downloadergeneric6acav/

Hi there You guys have helped me tremendously in the past and I come to you once again for some help It seems that overnight I was attacked by a trojan virus it s slowly duplicating itself and infecting other vital system files such as my avg antivirus windows defender etc AVG identified the trojan as quot trojan horse downloader generic AGDE quot I just ran a HiJackTHIS scan Here s the log Logfile of Trend Micro HijackThis with Infected horse trojan downloader.generic6.AGDE v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C Program Files Windows Defender MsMpEng exe C WINDOWS System svchost exe C Program Files Lavasoft Ad-Aware aawservice exe C WINDOWS Explorer EXE C WINDOWS system spoolsv exe C Program Files Bonjour mDNSResponder exe C WINDOWS system nvsvc exe D Programs Alcohol StarWind StarWindService exe C WINDOWS system svchost exe C Program Files RealVNC VNC WinVNC exe Infected with trojan horse downloader.generic6.AGDE C WINDOWS system wwSecure exe C WINDOWS system RUNDLL EXE C WINDOWS system ctfmon exe C Program Files Microsoft Broadband Networking MSBNTray exe C WINDOWS System svchost exe C WINDOWS system msiexec exe C Program Files Internet Explorer iexplore exe C WINDOWS system taskmgr exe D Programs hjTHIS HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go Infected with trojan horse downloader.generic6.AGDE microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Connection Wizard ShellNext Infected with 

https://forums.techguy.org/threads/infected-with-trojan-horse-downloader-generic6-agde.678294/
Relevancy 110.08%

Q: Problems because of Trojan Horse Downloader.Generic6.AGDE

On Feb my AVG updated & then scanned for virus as it does every morning; it found files infected (I can list the files if necessary). I clicked next & they went into the vault; thought things were o.k. Very soon discovered multiple problems. So far I have found:

- I CAN access the internet but I CAN'T access any websites that require passwords, such as hotmail, bank account, yahoo, etc. When I try to log on it tells me "pg cannot be displayed". The only sites I have discovered I can use passwords on is AVG & myspace. It seems I cannot access HTTPS sites.
- My PC is also disconnected from my home network, not detecting any other PCs in my house. I can print but other PC cannot (my other PCs print through my PC); they can no longer access my PC or the printer. The other PC can access the net b/c they do not go through my PC; they have adapter & cards to connect to the router.
- I could not access the control panel in AVG; reinstalled AVG, now I can access control panel but cannot update.
- I cannot run Microsoft updates online; error message: Error number x EFD. I cannot update AVG; error message says "The update server failed, no additional info is available". Cannot restore my PC to any earlier date.

This is what I have tried: I reinstalled AVG; I can now access control panel but still cannot update, & now my AVG is EXTREMELY out of date. I manually unhooked my router & still cannot access any of the password sites. I checked my setting on internet options; I am set to receive cookies. System restore is enabled. Cleaned cookies, history, etc. Ran Ad-Aware. Turned off firewall to check that it wasn't interfering.

I am assuming this trojan had changed my setting & attacked my system before AVG could catch it; is this correct? I can run AVG now but it finds nothing b/c it's out of date. I can download the AVG update manually, but I think they are bin files & I cannot make AVG see the file after it's on my PC, even though I know it's there. I really don't want to have to reinstall Windows OP. I have now spent days searching the net for answers & trying everything under the sun. If I need to post a HijackThis I can do that also. Can ANYONE help, or is it time to throw in the towel & call a professional? Thanks

Relevancy 110.08%

Q: Trojan Horse Downloader Generic6.owc and Dropper.exebind

AVG found the following on my computer on October. All items are currently in the Virus Vault, undeleted. I ran the ATF and Hijack This programs. Below the virus list is the Hijack log. I believe the Trojan Horse SHeur items relate to Quicken and may be false positives. I am unsure about the others. I know that four files including shell were changed. What should I do next? Speak slowly.

Trojan horse Downloader Generic OWC C WINDOWS SYSTEM plugnplay exe KB
Trojan horse SHeur THQ C WINDOWS SYSTEM njhzmxmged exe KB
Trojan horse SHeur THQ C WINDOWS SYSTEM jlpcuobmcvbv exe KB
Virus found Dropper Exebind C olddell WINDOWS SYSTEM c bGs dll KB
Virus found Dropper Exebind C olddell WINDOWS SYSTEM mbbi dll KB
Virus found Dropper Exebind C olddell WINDOWS SYSTEM Lycos dll KB
Trojan horse Downloader Generic OWC C Documents and Settings Local Settings Temp picture e JPEG zip KB
Trojan horse SHeur THQ C Documents and Settings Local Settings Temporary Internet Files Content IE C Q OT three exe KB
Trojan horse Downloader Generic OWC C Documents and Settings Local Settings Temporary Internet Files Content IE C Q OT front exe KB
Trojan horse Downloader Generic OWC C Documents and Settings My Documents My Received Files picture e JPEG zip

Relevancy 109.22%

Q: Trojan Horse downloader.Generic6.PWA & HDD disk space trouble.

Hi there. AVG recently found a Trojan Horse downloader.Generic6.PWA virus and it is currently locked up in the vault. I am not sure if I am still infected or not, but for some reason my HDD disk space keeps using up mb every few minutes even when I'm not doing anything. It started about a week ago when I had about gb HDD disk space left, then I suddenly jumped to gb HDD disk space without me uninstalling or deleting anything. From then on my HDD has been going down by mb every few minutes and is currently on gb disk space left. I have no idea what this is. The following programs I have run:

- AVG anti-virus free
- Avast Antivirus free
- Ad-Aware
- Spybot
- Zone Alarm Pro
- CCleaner
- RegistryBooster

Here's a HijackThis log; any help would be appreciated, tyvm.

A:Trojan Horse downloader.Generic6.PWA & HDD disk space trouble.

I did a scan with Avast antivirus in the WINDOWS folder only and found 1 virus, Win32.CTX, which is currently locked in the chest. There may be more, as I only scanned the WINDOWS folders for now; I shall post again if I find any more viruses.

-hyip001

I would also like to state that my HDD disk space is still taking up 10mb every few minutes and is currently on 9.14gb.

http://www.techsupportforum.com/forums/f284/trojan-horse-downloader-generic6-pwa-and-hdd-disk-space-trouble-192237.html
Relevancy 109.22%

Q: Virus Trojan horse downloader.generic6.abkb - Could not be removed

Hope someone could help me with this virus: Trojan horse downloader.generic6.abkb. AVG tried to heal it but it keeps coming back and it freezes my browser. I had tried several online scanners but none of them resolved it. Hope someone could help me. Thanks.

Here is the HijackThis file:

A:Virus Trojan horse downloader.generic6.abkb - Could not be removed

Hello and welcome to TSF

You are using an outdated version of Hijackthis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Do not post that log, instead, do this next:

=====================================================

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
- create a new System Restore point in Windows XP and Vista.
- clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
- check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

======================
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached

http://www.techsupportforum.com/forums/f284/virus-trojan-horse-downloader-generic6-abkb-could-not-be-removed-211214.html
Relevancy 109.22%

Q: Virus Trojan horse downloader.generic6.abkb - Cant remove

Hi, my computer has been infected with the virus Trojan horse downloader.generic6.abkb. AVG tried to heal it but it keeps coming back, and since it happened my browsers are completely blocked: I can ping and traceroute but not browse. It seems very similar to another thread here, http www techsupportforum com secu t-removed html, so I tried to follow the same first steps (thank you already for those).

Before all, I'd need confirmation that this trojan is indeed what disables my browsers, or if there is still another problem. In which case I wonder if I should not reinstall Windows completely on another disk; would it work, or would the trojan still reappear?

Here is a HijackThis log file:

A:Virus Trojan horse downloader.generic6.abkb - Cant remove

I also tried running combofix

ComboFix 08-01-17.3 - JM Yolin 18/01/2008 16:46:50.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.220 [GMT 1:00]
Running from: H:\Documents and Settings\JM Yolin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 16:32 . 08-01-18 16:32 52,736 --a------ H:\WINNT\system32\lrprt7.exe
2008-01-18 16:32 . 08-01-18 16:32 52,736 --a------ H:\WINNT\system32\lrprt5.exe
2008-01-18 16:32 . 08-01-18 16:32 14,080 --a------ H:\WINNT\system32\drivers\sysproc.sys
2008-01-18 16:10 . 08-01-18 16:10 <DIR> d-------- H:\Deckard
2008-01-17 16:00 . 08-01-17 16:00 10,240 ---hs---- H:\WINNT\system32\drivers\spool.exe
2008-01-17 01:52 . 08-01-17 02:32 <DIR> d-------- H:\Program Files\a-squared Anti-Malware
2008-01-17 01:36 . 08-01-17 01:36 <DIR> d-------- H:\Program Files\CCleaner
2008-01-17 01:21 . 08-01-17 01:32 <DIR> d-------- H:\philippe
2008-01-17 00:33 . 00-08-31 08:00 51,200 --a------ H:\WINNT\NirCmd.exe
2008-01-15 23:23 . 08-01-15 23:23 <DIR> d-------- H:\Program Files\Abexo
2008-01-15 00:32 . 08-01-15 00:32 <DIR> d-------- H:\New Folder
2008-01-14 19:36 . 08-01-14 19:36 <DIR> d--h----- H:\WINNT\PIF
2008-01-12 20:58 . 08-01-12 16:43 433,152 -r-hs---- H:\WINNT\wscntfy.exe
2008-01-12 07:20 . 08-01-12 07:22 74,269 -rahs---- H:\WINNT\system32\netstsx.EXE
2007-12-30 10:17 . 08-01-13 19:16 54,156 --ah----- H:\WINNT\QTFont.qfn
2007-12-30 10:17 . 07-12-30 10:17 1,409 --a------ H:\WINNT\QTFont.for
2007-12-28 23:15 . 07-12-28 17:58 <DIR> d-------- H:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-28 23:15 . 08-01-11 13:54 17 --a------ H:\WINNT\system32\drivers\nwlnkcr.sys
2007-12-28 17:59 . 08-01-15 22:32 <DIR> d-------- H:\Documents and Settings\JM Yolin\Application Data\AVG7
2007-12-28 17:58 . 07-12-28 17:58 <DIR> d-------- H:\Documents and Settings\Default User\Application Data\AVG7
2007-12-28 17:58 . 07-12-28 17:58 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-28 17:58 . 08-01-18 03:00 <DIR> d-a------ H:\Documents and Settings\All Users\Application Data\avg7
2007-12-28 17:58 . 07-12-28 17:58 26,944 --a------ H:\WINNT\system32\drivers\avg7rsnt.sys
2007-12-27 23:23 . 07-12-27 23:20 102,664 --a------ H:\WINNT\system32\drivers\tmcomm.sys
2007-12-27 23:20 . 07-12-27 23:24 <DIR> d-------- H:\Documents and Settings\JM Yolin\.housecall6.6
2007-12-27 23:02 . 07-12-27 23:02 <DIR> d-------- H:\WINNT\winsxs
2007-12-27 23:01 . 07-12-27 23:01 <DIR> d-------- H:\Program Files\Logitech
2007-12-27 23:01 . 07-12-27 23:01 <DIR> d-------- H:\Program Files\Common Files\Logitech
2007-12-27 20:46 . 02-12-12 01:34 208,896 --a------ H:\WINNT\system32\wmpns.dll
2007-12-27 20:45 . 07-12-27 21:55 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 20:33 . 07-12-27 20:33 <DIR> d-------- H:\Documents and Settings\JM Yolin\Application Data\ArcSoft
2007-12-24 12:04 . 07-12-25 12:49 118,784 --a------ H:\WINNT\SeaMonkeyUninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 15:37 --------- d-----w H:\Documents and Settings\JM Yolin\Application Data\Skype
2008-01-13 08:37 --------- d-----w H:\Program Files\Mozilla Thunderbird
2007-12-28 13:32 --------- d-----w H:\Program Files\Google
2007-12-28 13:32 --------- d-----w H:\Program Files\Club-Internet
2007-12-28 13:31 --------- d-----w H:\Program Files\QuickTime
2007-12-27 22:04 --------- d-----w H:\Documents and Settings\JM Yolin\Application Data\Logitech
2007-12-27 21:58 --------- d--h--w H:\Program Files\InstallShield Installati...

http://www.techsupportforum.com/forums/f284/virus-trojan-horse-downloader-generic6-abkb-cant-remove-212961.html
Relevancy 104.06%

Q: "C:\WINDOWS\system32\mst122.dll";"Trojan horse Downloader.VB.BSZ"

AVG found this trojan and supposedly removed it, but it is still there, I think. I also have McAfee Security Suite, and when I ran a scan with it before the AVG scan it did not find it, but days after AVG said it removed it, McAfee popped up saying it found it on opening and I had to reboot to remove it. I think it is still there now anyway. Firefox has been acting extremely slow at times recently as well.

A:"C:\WINDOWS\system32\mst122.dll";"Trojan horse Downloader.VB.BSZ"

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
- Reply to this thread; do not start another!
- Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
- Do not run any other tool until instructed to do so!
- Let me know if any of the links do not work or if any of the tools do not work.
- Tell me about problems or symptoms that occur during the fix.
- Do not run any other programs or open any other windows while doing a fix.
- Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.

Thanks.

http://www.bleepingcomputer.com/forums/t/201169/cwindowssystem32mst122dll;trojan-horse-downloadervbbsz/
Relevancy 101.05%

Hello, I am in dire need of technical help. My system performance has been very slow. My virtual memory is always low and the AVG detects the viruses, namely C:/windows/system32/cmcfg3.dll and Trojan Horse Downloader Delf.12.AN, but cannot heal or remove them. I am getting virus detected pop ups whenever I launch the Internet Explorer. The following process names are infected: C:\Windows\Explorer.exe, C:\Program Files\Internet Explorer\Iexplorer.exe. It takes a long time to boot up my system. Every time it boots up the time and date resets to AM. I believe that there are a lot of applications that are automatically loaded but I rarely need. Most of the time I will be getting a message of low virtual memory and sometimes out of memory. And during shut down it takes half an hour or more to complete it. I am attaching the HJT log of my personal laptop that I ran last. If you need me to run it again or use the DSS program then kindly inform me. Thank you in advance. Regards, mhoji

A:Virus Found: C:/windows/system32/cmcfg3.dll and Trojan horse downloader delf.12.an

Hello and welcome to the BleepingComputer.com! In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please post back and let me know if you're still experiencing problems and post the logs from RSIT:

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

regards _temp_

http://www.bleepingcomputer.com/forums/t/227986/virus-found-cwindowssystem32cmcfg3dll-and-trojan-horse-downloader-delf12an/
Relevancy 98.47%

Norton Antivirus has detected a Trojan Horse in file c:\windows\system32\cfgmgr3.dll. It is a HBO Trojan Horse. I saw some other dude on this forum has had a similar problem and I tried following the advice given to him but it didn't help. I have tried running Hijackthis, Combofix, Superantispyware, Vundofix and KillBox and neither of them has solved the problem. I tried running them in safe mode as well. Hijackthis can see the file but can't delete it. Killbox can't delete the file directly, and if I try making it delete it on reboot I get the following error message while it is verifying registry entries: "PendingFileRenameOperations Registry Data has been removed by external Process". Here you have my Hijackthis, Combofix, Superantispyware and Vundofix logs. Hope you got an idea of how to proceed.

Hijackthis log: Logfile of Trend Micro HijackThis v BETA Scan saved at on - - Platform Windows XP SP WinNT Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS Explorer EXE C WINDOWS System brsvc a exe C WINDOWS system spoolsv exe C Programmer F lles filer Symantec Shared ccEvtMgr exe C Programmer Norton Internet Security NISUM EXE C WINDOWS System brss a exe C WINDOWS System spool DRIVERS W X printray exe C Programmer Brother ControlCenter brctrcen exe C Programmer F lles filer Symantec Shared ccApp exe C Programmer Microsoft ActiveSync WCESCOMM EXE C Programmer SUPERAntiSpyware SUPERAntiSpyware exe C Programmer Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Programmer Norton Internet Security ccPxySvc exe C Programmer F lles filer Microsoft Shared VS Debug mdm exe C Programmer Norton AntiVirus navapsvc exe C WINDOWS System nvsvc exe C Programmer Messenger msmsgs exe C WINDOWS System svchost exe C Programmer Microsoft Office Office WINWORD
EXE C WINDOWS System ctfmon exe C Documents and Settings Karl Erik Skrivebord HiJackThis v exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www jubii dk R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName Hyperlinks O - BHO F Organizer Class - EF - - - C - AA A DA - C WINDOWS System ATPartners dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Programmer F lles filer Adobe Acrobat ActiveX AcroIEHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Programmer Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c programmer google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Programmer Google GoogleToolbarNotifier swg dll O - BHO CNavExtBho Class - BDF E -B - AD-A -FADC B - C Programmer Norton AntiVirus NavShExt dll O - BHO no name - CB BF -AA - BD - C - BAADCC - C WINDOWS System cfgmgr dll O - Toolbar Norton AntiVirus - CDD BF- FFB- - AD - DF B D - C Programmer Norton AntiVirus NavShExt dll O - Toolbar amp Radio - E - F- D - E- A C - C WINDOWS System msdxm ocx O - Toolbar amp Google - C B - - d - B - A CD F - c programmer google googletoolbar dll O - HKLM Run SSC UserPrompt C Programmer F lles filer Symantec Shared Security Center UsrPrmpt exe O - HKLM Run SetDefPrt C Programmer Brother Brmfl b BrStDvPt exe O - HKLM Run PrinTray C WINDOWS System spool DRIVERS W X printray exe O - HKLM Run ControlCenter C Programmer Brother ControlCenter brctrcen exe autorun O - HKLM Run ccRegVfy quot C Programmer F lles filer Symantec Shared ccRegVfy exe quot O - HKLM Run ccApp quot C Programmer F lles filer Symantec Shared ccApp exe quot O - HKLM Run NvCplDaemon RUNDLL EXE C WINDOWS System NvCpl dll NvStartup O - HKCU Run H PC Connection Agent quot C Programmer Microsoft ActiveSync WCESCOMM EXE quot O - HKCU Run SUPERAntiSpyware C Programmer SUPERAntiSpyware SUPERAntiSpyware exe O - HKCU 
Run ...

A:HBO Trojan Horse Detected in CFGMGR3.DLL

Anyone got any idea of how to proceed with this problem?

any help would be greatly appreciated.
 

https://forums.techguy.org/threads/hbo-trojan-horse-detected-in-cfgmgr3-dll.662571/
Relevancy 97.61%

Hello, I'm having serious trouble removing Trojan Downloader.Generic6.LVZ. It started with AVG-free scan alert of Trojan in C windows rrr exe and in newsend under temporary internet files, even if I've cleaned them all. I've tried to follow the steps I've read in other posts on techguys: stopped Automatic System Restore services, used ATF-cleaner to erase all temporary files. I've used NoAdAware that found infections but I couldn't use to clean because I've to buy it, and also couldn't save the report. I've put all the infections found in AVG in the Virus Vault and deleted them but at the restart the infection is still there. So I'm here. I've run Hijackthis, AVG anti-spyware and AVG Free; here are the Logs:

Logfile of HijackThis v Scan saved at on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system Ati evxx exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS System WLTRYSVC EXE C WINDOWS System bcmwltry exe C WINDOWS system spoolsv exe C Programmi Grisoft AVG Anti-Spyware guard exe C PROGRA Grisoft AVG avgamsvr exe C PROGRA Grisoft AVG avgupsvc exe C PROGRA Grisoft AVG avgemc exe C Programmi Google Common Google Updater GoogleUpdaterService exe C WINDOWS system Ati evxx exe C WINDOWS System PAStiSvc exe C WINDOWS system svchost exe C WINDOWS Explorer EXE C WINDOWS stsystra exe C WINDOWS system WLTRAY exe C Programmi Java jre bin jusched exe C Programmi Adobe Adobe Acrobat Distillr Acrotray exe C Programmi File comuni InstallShield UpdateService issch exe C Programmi File comuni Real Update OB realsched exe C Programmi ATI Technologies ATI ACE cli exe C WINDOWS system scvhost exe C WINDOWS AdobeR exe C WINDOWS system
ctfmon exe C WINDOWS BricoPacks Crystal Clear RocketDock RocketDock exe C WINDOWS system wbem wmiapsrv exe C Programmi ATI Technologies ATI ACE cli exe F AdobeR exe C WINDOWS System svchost exe C Programmi hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Start Page http www google it R - HKCU Software Microsoft Internet Explorer Main Local Page blank htm R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName Collegamenti O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Programmi Adobe Adobe Acrobat ActiveX AcroIEHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Programmi Java jre bin ssv dll O - BHO AcroIEToolbarHelper Class - AE CD -E - f- - EE - C Programmi Adobe Adobe Acrobat Acrobat AcroIEFavClient dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Programmi Google GoogleToolbarNotifier swg dll O - Toolbar Adobe PDF - -D C - - FA - E EAAC - C Programmi Adobe Adobe Acrobat Acrobat AcroIEFavClient dll O - HKLM Run SigmatelSysTrayApp stsystra exe O - HKLM Run Broadcom Wireless Manager UI C WINDOWS system WLTRAY exe O - HKLM Run AVG CC C PROGRA Grisoft AVG avgcc exe STARTUP O - HKLM Run SunJavaUpdateSched quot C Programmi Java jre bin jusched exe quot O - HKLM Run Google Desktop Search quot C Programmi Google Google Desktop Search GoogleDesktop exe quot startup O - HKLM Run Acrobat Assistant quot C Programmi Adobe Adobe Acrobat Distillr Acrotray exe quot O - HKLM Run ISUSScheduler quot C Programmi File comuni InstallShield UpdateService issch exe quot -start O - HKLM Run TkBellExe quot C Programmi File comuni Real Update OB realsched exe quot -osboot O - HKLM Run ATICCC quot C Programmi ATI Technologies ATI ACE cli exe quot runtime -Delay O - HKLM Run AVG Anti-Spyware quot C Programmi Grisoft AVG Anti-Spyware avgas exe quot minimized O - HKLM Run ISUSPM Startup c progra fileco instal update isuspm exe -startup O - HKLM Run Microsoft scvhost exe O - HKLM Run RegClean C 
Programmi...

A:Solved: Please help me with this Trojan Downloader.Generic6.LVZ

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [Microsoft] scvhost.exe

O4 - HKLM\..\RunServices: [Microsoft] scvhost.exe

Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.
Make sure you get these exact file names

C:\WINDOWS\system32\scvhost.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
Please paste that information here for me regardless of what it finds with a new HijackThis log.

This will take some time!!!!!!!!
 

https://forums.techguy.org/threads/solved-please-help-me-with-this-trojan-downloader-generic6-lvz.636591/
Relevancy 95.89%

My antivirus AVG detected trojan horse PSW.Generic6.AQPD this morning. Here is my HijackThis Log:

Logfile of Trend Micro HijackThis v Scan saved at AM on Platform Windows Vista SP WinNT MSIE Internet Explorer v Boot mode Normal Running processes C Windows system taskeng exe C Windows system Dwm exe C Windows Explorer EXE C Program Files Windows Defender MSASCui exe C Windows RtHDVCpl exe C hp support hpsysdrv exe C Program Files Hewlett-Packard On-Screen OSD Indicator OSD exe C Program Files Java jre bin jusched exe C Program Files AVG AVG avgtray exe C Program Files winsim ConnectionManager Simply SystemTrayIcon exe C Program Files Portrait Displays Pivot Software wpCtrl exe C Program Files Portrait Displays HP My Display dthtml exe C Program Files Google Google Desktop Search GoogleDesktop exe C Program Files Microsoft IntelliType Pro itype exe C Program Files Portrait Displays Pivot Software floater exe C Program Files Microsoft IntelliPoint ipoint exe C Program Files Maxtor OneTouch Status MaxMenuMgr exe C Program Files Adobe Reader Reader reader sl exe C Windows System rundll exe C Program Files iTunes iTunesHelper exe C Program Files HP HP Software Update hpwuSchd exe C Program Files Hewlett-Packard HP Advisor HPAdvisor exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Users Owner AppData Local Google Update GoogleUpdate exe C Program Files Windows Media Player wmpnscfg exe C Program Files Common Files Portrait Displays Shared HookManager exe C Program Files Google Google Desktop Search GoogleDesktop exe C Program Files Google Google Desktop Search GoogleDesktop exe C Program Files Internet Explorer IEUser exe C Program Files Internet Explorer iexplore exe C hp kbd kbd exe C Users Owner Desktop HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY amp pf
desktop R - HKCU Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKCU Software Microsoft Internet Explorer Main Start Page http www cbc ca news R - HKLM Software Microsoft Internet Explorer Main Default Page URL http ie redirect hp com svs rdr TY amp pf desktop R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http ie redirect hp com svs rdr TY amp pf desktop R - HKLM Software Microsoft Internet Explorer Search SearchAssistant R - HKLM Software Microsoft Internet Explorer Search CustomizeSearch R - HKCU Software Microsoft Windows CurrentVersion Internet Settings ProxyOverride local R - HKCU Software Microsoft Internet Explorer Toolbar LinksFolderName O - Hosts localhost O - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - C Program Files Yahoo Companion Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO WormRadar com IESiteBlocker NavFilter - CA F - F E- B -A E- E E C C - C Program Files AVG AVG avgssie dll O - BHO NCO IE BHO - ADB E- AFF- - AA - DAC DFA - no file O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C Program Files Yahoo Companion Installs cpn yt dll O - Toolbar no name - FEBEFE - B - - D -FFB D B CA - no file O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - HKLM Run Windows Defender ProgramFiles Windows Defender MSASCui exe 
...

A:[SOLVED] Trojan Horse PSW.Generic6.AQPD

I did some more research on the net, and read that only AVG users are getting these Trojan Horse PSW.Generic6.AQPD warnings. Apparently it is a "false positive" situation. I downloaded the latest AVG updates and no longer get the warnings.

It is safe to assume I do not have a trojan? Please advise.

http://www.techsupportforum.com/forums/f100/solved-trojan-horse-psw-generic6-aqpd-312842.html
Relevancy 92.45%

Hello there, my AVG detects this virus: trojan horse downloader.generic6.abkb. I tried several online scanners and none of them worked. It freezes my browser. Hope someone could help me. Thank you. Here is the Hijackthis:

Logfile of HijackThis v Scan saved at AM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C WINDOWS system spoolsv exe C WINDOWS Explorer EXE C WINDOWS SOUNDMAN EXE C Program Files Grisoft AVG Anti-Spyware avgas exe C PROGRA Grisoft AVG avgcc exe C WINDOWS tsnp std exe C WINDOWS vsnp std exe C Program Files Common Files Ahead Lib NMBgMonitor exe C WINDOWS system ctfmon exe G Microsoft Student with Encarta Premium DVD EDICT EXE C Program Files Common Files Ahead Lib NMIndexStoreSvr exe C WINDOWS system sistray exe C Program Files Grisoft AVG Anti-Spyware guard exe C PROGRA Grisoft AVG avgamsvr exe C PROGRA Grisoft AVG avgupsvc exe C PROGRA Grisoft AVG avgemc exe C WINDOWS wscntfy exe C Program Files CyberLink Shared Files RichVideo exe C WINDOWS system svchost exe C Program Files Common Files Ahead Lib NMIndexingService exe C PROGRA Grisoft AVG avgvv exe C Program Files M PSNLite PsnLite exe C WINDOWS PHolmes exe C PROGRA M PSNLite PSNGive exe C WINDOWS system wuauclt exe C Program Files HijackThis HijackThis exe R - HKLM Software Microsoft Internet Explorer Main Default Page URL http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Default Search URL http us rd yahoo com customize ie defaults su msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Search Bar http us rd yahoo com customize ie defaults sb msgr http www yahoo com ext search search html R - HKLM Software Microsoft Internet
Explorer Main Search Page http us rd yahoo com customize ie defaults sp msgr http www yahoo com R - HKLM Software Microsoft Internet Explorer Main Start Page http www yahoo com R - HKCU Software Microsoft Internet Explorer Main Local Page R - HKLM Software Microsoft Internet Explorer Main Local Page R - HKCU Software Microsoft Internet Connection Wizard ShellNext wmplayer exe ICWLaunch R - URLSearchHook Yahoo Toolbar - EF BD -C FB- D - F- D F - C PROGRA Yahoo Companion Installs cpn yt dll O - BHO amp Yahoo Toolbar Helper - D -C F - efb- B - ECA - C PROGRA Yahoo Companion Installs cpn yt dll O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - - F - D - - D F - C PROGRA SPYBOT SDHelper dll O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO ST - EDE -C B - E- - BF AF E - C Program Files MSN Apps ST en-xu stmain dll O - BHO MSNToolBandBHO - BDBD DAD-C - A -ADC - B B FF D - C Program Files MSN Apps MSN Toolbar en-us msntb dll O - Toolbar no name - CBE -C B- F- BC- CBB E D - no file O - Toolbar Yahoo Toolbar - EF BD -C FB- D - F- D F - C PROGRA Yahoo Companion Installs cpn yt dll O - HKLM Run SiSPower Rundll exe SiSPower dll ModeAgent O - HKLM Run SoundMan SOUNDMAN EXE O - HKLM Run StormCodec Helper quot C Program Files Ringz Studio Storm Codec StormSet exe quot S opti O - HKLM Run AVG Anti-Spyware quot C Program Files Grisoft AVG Anti-Spyware avgas exe quot minimized O - HKLM Run AVG CC C PROGRA Grisoft AVG avgcc exe STARTUP O - HKLM Run tsnp std C WINDOWS tsnp std exe O - HKLM Run snp std C WINDOWS vsnp std exe O - HKLM Run SM IAN C Program Files AdvancedCleaner Free ian monitor exe O - HKLM Run runner C WINDOWS mrofinu exe A B BBF B B C C AC FA C O - HKCU Run BgMonitor E - C C- d f- C - D A B AA quot C Program Files Common Files Ahead Lib NMBgMonitor exe quot O - HKCU 
Run ctfmo...

Relevancy 87.72%

Dear staff members, I have done all five of the steps mentioned in your sticky post and I think I'm in trouble. Everything went along normally except for the Panda scan, which strangely did not find anything. My AVG found this Trojan mentioned in the title and since then I've been plagued with it - a little popup window comes up every time whenever I start windows stating something along the lines of "Error Loading windows y j dll". I've tried to remove the DLL manually and I've also tried to use a bunch of shredder programs including File Shredder and Spybot Search and Destroy's built-in function. No luck. Did I mention that AVG can't access it, period? Whenever I tried to access it, it's always denied. It's like, I don't know. I've tried removing it with about different ways including command prompt and safe mode. But no luck. Anyways, here's the log from DSS. Please advise.

Deckard's System Scanner v Run by Dong on - - Computer is in Normal Mode -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point -- Last Restore Point s -- - - UTC - RP - Deckard's System Scanner Restore Point - - UTC - RP - Removed CBL Data Shredder - - UTC - RP - Installed CBL Data Shredder - - UTC - RP - System Checkpoint - - UTC - RP - System Checkpoint -- First Restore Point -- - - UTC - RP - System Checkpoint Backed up registry hives Performed disk cleanup -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v Scan saved at - - Platform Windows XP Service Pack MSIE Internet Explorer Boot mode Normal Running processes C WINDOWS system smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C Program Files Common Files Virtual Token vtserver exe C WINDOWS system
ibmpmsvc exe C WINDOWS system ati evxx exe C WINDOWS system svchost exe C WINDOWS system svchost exe C WINDOWS system ati evxx exe C Program Files Intel Wireless Bin EvtEng exe C Program Files Intel Wireless Bin S EvMon exe C Program Files Common Files Symantec Shared ccProxy exe C Program Files Common Files Symantec Shared ccSetMgr exe C Program Files Symantec Client Security Symantec Client Firewall ISSVC exe C Program Files Common Files Symantec Shared SNDSrvc exe C Program Files Common Files Symantec Shared ccEvtMgr exe C WINDOWS system spoolsv exe C WINDOWS system IPSSVC EXE C Program Files ThinkPad ConnectUtilities AcPrfMgrSvc exe E Program Files Grisoft AVG avgamsvr exe E Program Files Grisoft AVG avgupsvc exe E Program Files Grisoft AVG avgemc exe C Program Files ThinkPad Bluetooth Software bin btwdins exe C Program Files Symantec Client Security Symantec AntiVirus DefWatch exe C Program Files Diskeeper Corporation Diskeeper DkService exe C WINDOWS system svchost exe C Program Files Common Files Microsoft Shared VS DEBUG MDM EXE C Program Files Intel Wireless Bin RegSrvc exe E Program Files Alcohol Soft Alcohol StarWind StarWindService exe C Program Files Symantec Client Security Symantec AntiVirus Rtvscan exe C Program Files Symantec Client Security Symantec Client Firewall SymSPort exe C WINDOWS system TPHDEXLG exe C WINDOWS system TpKmpSvc exe C Program Files IBM ThinkVantage Rescue and Recovery rrservice exe C Program Files IBM ThinkVantage Common Scheduler tvtsched exe C Program Files ThinkVantage SystemUpdate UCLauncherService exe C Program Files ThinkPad ConnectUtilities AcSvc exe C Program Files IBM ThinkVantage Common Logger logmon exe C WINDOWS explorer exe C Program Files ThinkPad ConnectUtilities AcMurocHlpr exe C Program Files Synaptics SynTP SynTPEnh exe C WINDOWS system TpShocks exe C Program Files ThinkPad Utilities EZEJMNAP EXE C Program Files Lenovo PkgMgr HOTKEY TPHKMGR exe C Program Files Synaptics SynTP SynTPLpr exe C Program Files 
Lenovo...

A:Trojan Downloader.Generic6.VFR

I've decided to give this thread a bump according to the 72-hour recommendation.

http://www.techsupportforum.com/forums/f284/trojan-downloader-generic6-vfr-201254.html
Relevancy 86.86%

Hi, my AVG finds Trojan Horse PSW.Generic6.TXN every day and it has made my computer very slow, and also when my computer starts it gives me - dll not found error. Can somebody please help me how to remove this permanently from my computer? My hijacklog is as follows:

Logfile of Trend Micro HijackThis v Scan saved at PM on Platform Windows XP SP WinNT MSIE Internet Explorer v SP Boot mode Normal Running processes C WINDOWS System smss exe C WINDOWS system winlogon exe C WINDOWS system services exe C WINDOWS system lsass exe C WINDOWS system svchost exe C WINDOWS System svchost exe C Program Files Intel Wireless Bin EvtEng exe C Program Files Intel Wireless Bin S EvMon exe C Program Files Intel Wireless Bin WLKeeper exe C WINDOWS system brsvc a exe C WINDOWS system spoolsv exe C WINDOWS system brss a exe C PROGRA COMMON AOL ACS AOLacsd exe C PROGRA Grisoft AVG avgamsvr exe C PROGRA Grisoft AVG avgupsvc exe C WINDOWS system Brmfrmps exe C WINDOWS system lxcrcoms exe C Program Files Common Files Microsoft Shared VS Debug mdm exe C Program Files Intel Wireless Bin ZcfgSvc exe C WINDOWS Explorer EXE c Program Files Microsoft SQL Server MSSQL MSSQL Binn sqlservr exe C Program Files Apoint Apoint exe C Program Files Common Files Real Update OB realsched exe C Program Files Lexmark Series lxcrmon exe C Program Files Lexmark Series ezprint exe C Program Files Musicmatch Musicmatch Jukebox mm tray exe C WINDOWS system ctfmon exe C Program Files TheWeatherNetwork WeatherEye WeatherEye exe C Program Files Apoint HidFind exe C PROGRA Intel Wireless Bin XConfig exe C Program Files Apoint Apntex exe C Program Files Dell NICCONFIGSVC NICCONFIGSVC exe C Program Files Intel Wireless Bin RegSrvc exe c Program Files Microsoft SQL Server Shared sqlwriter exe C WINDOWS system svchost exe C Program Files Internet Explorer IEXPLORE EXE C WINDOWS System svchost exe C WINDOWS system wuauclt exe C WINDOWS system igfxext exe C WINDOWS system
igfxsrvc exe C WINDOWS system rundll exe C Program Files Yahoo Messenger ymsgr tray exe C Program Files Internet Explorer IEXPLORE EXE C Program Files Internet Explorer IEXPLORE EXE C Program Files Internet Explorer IEXPLORE EXE C Program Files Hijackthis HijackThis exe R - HKCU Software Microsoft Internet Explorer Main Search Page http ca rd yahoo com customize ycomp defaults sp http ca yahoo com R - HKCU Software Microsoft Internet Explorer Main Start Page http www mail yahoo com R - HKLM Software Microsoft Internet Explorer Main Start Page about blank R - HKCU Software Microsoft Internet Explorer SearchURL Default http ca rd yahoo com customize ycomp defaults su http ca yahoo com R - URLSearchHook no name - E E- - F - DAB-FCDD B E D - no file F - REG system ini UserInit C WINDOWS system userinit exe rundll exe C WINDOWS system winsys dll start O - BHO no name - D -C F - efb- B - ECA - no file O - BHO AcroIEHlprObj Class - E F-C D - D -B D- B D BE B - C Program Files Adobe Acrobat Reader ActiveX AcroIEHelper dll O - BHO Lexmark Toolbar - A C- F - -A D-EDD AC F - C Program Files Lexmark Toolbar toolband dll O - BHO a c- b -b f -d - d f - f d- - d- f b- b c a - C WINDOWS system ctywbm dll file missing O - BHO no name - EF - - CF- -E CC BE A E - C WINDOWS system khfEUkkI dll file missing O - BHO DriveLetterAccess - CA D E- - CF- E - - C WINDOWS system dla tfswshx dll O - BHO no name - D CB -C CD- c f-BFDC- B AFBDC C - C WINDOWS system efcBsTMe dll file missing O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - Toolbar amp Google - C B - - d - B - A CD F - c program files google googletoolbar dll O - Toolbar no name - BF - F - - - FE E AA - no file O - Toolbar Lexmark Toolbar - A C- F - -A D-EDD AC F - C Program Files Lexmark Toolbar toolband dll O - HKLM Run Apoint C Program Files Apoint Apoint exe O - HKLM Run QuickTime Task 
qu...

A:Trojan Horse PSW.Generic6.TXN

Just bumping my post. Please help me. Thanks in advance
 

https://forums.techguy.org/threads/trojan-horse-psw-generic6-txn.791796/
Relevancy 86.86%

Hello. I am new here. Not sure if I am posting this in the correct place but I also woke up this morning to a pop up saying that Trojanhorse PSW.generic6.AQBD was detected on open. It says the file name is C:/Windows/system32/Macromed/Flash/FlashUtil10a.exe. I ran the Malwarebytes that you recommended for another person regarding a trojan horse generic and it said there was no infection, but AVG said there was an infection so I removed it to the vault, yet the warning still keeps popping up. I don't know what to do. I have no clue about any of this. Any help would be appreciated.

A:Trojan Horse PSW.generic6 help!

I too was about to post the same thing. I need an answer for it quick.

http://www.bleepingcomputer.com/forums/t/179884/trojan-horse-pswgeneric6-help/
Relevancy 86.86%

Hi, I think I have a similar or the same problem as Whittibo - Pop up saying our files are being copied. I had the same popups every minutes. My AVG also found and removed Trojan Horse Generic6.ait. I have done the following: run a scan with Superantispyware (log below), run combofix (log below), run hijackthis (log below). This seems to have stopped the problem of the popups. After rebooting my pc I still had limited access to certain items in the control panel such as user accounts, although for some strange reason I can now access it again. I was getting a popup saying "Restrictions: This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator". I am not familiar with anything in these logs. Based on what you see, does my PC appear to be OK? I have not done anything other than what I described above.

SUPERANTISPYWARE LOG ------------------------------- SUPERAntiSpyware Scan Log http www superantispyware com Generated at PM Application Version Core Rules Database Version Trace Rules Database Version Scan type Complete Scan Total Scan Time Memory items scanned Memory threats detected Registry items scanned Registry threats detected File items scanned File threats detected Trojan Net-AVP AVT C WINDOWS SYSTEM WINAVXX EXE C WINDOWS SYSTEM WINAVXX EXE WinAVX C WINDOWS SYSTEM WINAVXX EXE WinAVX C WINDOWS SYSTEM WINAVXX EXE C DOCUMENTS AND SETTINGS ALL USERS START MENU PROGRAMS STARTUP AUTORUN EXE C DOCUMENTS AND SETTINGS MIKE AND HAZEL START MENU PROGRAMS STARTUP SYSTEM EXE C WINDOWS SYSTEM PRINTER EXE C WINDOWS Prefetch WINAVXX EXE- EF B pf Trojan Net-VTROLL HKLM Software Classes CLSID ABCDECF - B - D -ABED- C HKCR CLSID ABCDECF - B - D -ABED- C HKCR CLSID ABCDECF - B - D -ABED- C HKCR CLSID ABCDECF - B - D -ABED- C InprocServer HKCR CLSID ABCDECF - B - D -ABED- C InprocServer ThreadingModel HKCR CLSID ABCDECF - B - D -ABED- C InprocServer Enable Browser
... Read more

A:Trojan Horse Generic6.ait

Hi and welcome

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
 

https://forums.techguy.org/threads/trojan-horse-generic6-ait.610352/
Relevancy 86.86%

Please can anyone help? I have quite a few Trojan Horse generic6.UMS. It is in my virus vault of AVG; is there any way I can remove these completely?
Document settings\user\local setting\temp\-is3exe.
 

https://forums.techguy.org/threads/trojan-horse-generic6-ums.713926/
Relevancy 86.86%

Hi,

AVG Free detected the above (Trojan Horse Generic6.UMS) this morning and appeared to have deleted it. Has anyone else come across this before?

Thanks
 

https://forums.techguy.org/threads/trojan-horse-generic6-ums.613493/
Relevancy 86.43%

Hi everyone. Please find my Deckard's log and my HijackThis log, run AFTER I removed a bunch of stuff. Thanks in advance for any help you can give me!
... Read more

A:I Have The Trojan Downloader.generic6.aeph

Hello ViviNYC,

"my HijackThis log run AFTER I removed a bunch of stuff. Thanks in advance for any help you can give me!"

If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself. If you do not have advanced knowledge about computers you should NOT fix entries using HijackThis without consulting an expert on using this program. You have deleted many valid items. If you don't know what you're doing then do not delete anything with HijackThis! Restore everything you've removed and we'll take it from there.

Open HijackThis.
Click Open the Misc. Tools Section button > Config screen > Backups button.
Place a check in all backed up entries and click Restore.
Reboot the computer and post a fresh log.

http://www.bleepingcomputer.com/forums/t/141533/i-have-the-trojan-downloadergeneric6aeph/
Relevancy 86.43%

Hi, I am unable to get online and so am posting my HJT log from a friend's computer. System restore looks like it has been wiped clean and so I'm unable to use this. Last known good configuration also still leaves me with the same problem. AVG free anti virus gave warning that I was infected with Trojan downloader generic6 aapv and it was unable to delete. I notice that my Windows firewall is also turned off, which is a mystery, and Windows is unable to turn it back on. Can anyone help please? Many thanks.
... Read more

A:Trojan downloader generic6 aapv

Please can anyone help with this?
 

https://forums.techguy.org/threads/trojan-downloader-generic6-aapv.667185/
Relevancy 86%

Logfile of HijackThis ... Read more

A:Infected With Trojan Horse Downloader.generic2.muz And Trojan Horse Downloader.generic3.hxl

Hello what-the? and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

Can you post the log files from, or write down the information about, whatever program is finding these 2 things and where they are being found (like what files and file locations)?

Cheers.

OT

http://www.bleepingcomputer.com/forums/t/78959/infected-with-trojan-horse-downloadergeneric2muz-and-trojan-horse-downloadergeneric3hxl/
Relevancy 86%

Hi, please help. My computer is infected with types of trojan horses: Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG. I updated all my antivirus and antispyware, booted to safe mode and managed to find and remove the trojan horses, but they come back after I boot to normal mode. My antivirus and antispyware are: AVG antivirus, AVG anti-spyware, Spybot, Ad-aware. Here I include my HijackThis logfile.
... Read more

A:Infected by Trojan horse Downloader.Agent.IOQ and Trojan horse Downloader.Small.58.AG

I think my computer is getting worse now. Anybody can help?

Logfile of HijackThis v1.99.1
Scan saved at 2:48:45 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system32\webpnt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Downloaded software\anti adware virus etc\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.yahoo.com.sg/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.0.0.138/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.131.10:3128
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SysShellKernel - {E04B27AA-3973-4D68-8F42-B7C2FC8C6CF7} - C:\WINDOWS\system32\SysShellKernel.dll
O2 - BHO: MyFavor Web - {F7F49040-389C-4f1f-A825-06D5328EAE59} - C:\WINDOWS\system32\MyFavor.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MPS] C:\ACER\PSM.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..... Read more

https://forums.techguy.org/threads/infected-by-trojan-horse-downloader-agent-ioq-and-trojan-horse-downloader-small-58-ag.556592/
Relevancy 86%

On opening internet explorer this afternoon, AVG is finding the above threat and like other users I can't heal it or move it to the vault. The file name is C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe. Help would be appreciated
 

A:Trojan horse PSW. Generic6. AQPD

It is a false positive.

Either add the file to the exclusion list (AVG > Tools > Advanced Settings > Resident Shield > Exceptions > Add Path) or wait until a new update corrects the problem.
 

https://forums.techguy.org/threads/trojan-horse-psw-generic6-aqpd.769267/
Relevancy 86%

Hello, I have a system that is infected with a Trojan horse. The name of the virus is PSW.Generic6.AXVQ. I did a search on AVG's virus database but nothing shows up. A Google search pulls up two sites, one in English and one in German, both of no use to me. The file name it is under is atlsystem.exe in the system directory and the process name it is under is svchost.exe. Telling AVG to heal it does nothing (says the file doesn't exist) and moving it to the vault doesn't do anything as well. The warning about the virus just pops up again a few minutes after AVG tries to remove it. Here is my HijackThis log. Any removal instructions are appreciated. Thanks.
... Read more

A:Trojan horse PSW.Generic6.AXVQ

Really could use some help here. If my system is not infected based on this log please let me know! Thanks!

http://www.bleepingcomputer.com/forums/t/193070/trojan-horse-pswgeneric6axvq/
Relevancy 86%

Hi all,

Tonight I was using my PC when I got bumped out onto a warning window saying that AVG free had detected this Trojan Horse PSW.Generic6.ABBK in the program folder "PCFriendly". I moved it into the Virus Vault as AVG suggested straight away and then scanned my computer with AVG and Spybot Search & Destroy. Spybot came up with warnings etc. AVG came up with a handful of "warning: potentially dangerous" cookies but no mention of the Trojan horse again.

I have tried searching all over for information about this trojan / PC Friendly and haven't really found anything of use. Is it a serious thing I should be worried about, or is it just AVG playing up / overreacting? I guess it's important to note this PCFriendly stuff has been on my computer since January.

What is this Trojan, e.g. is it a keylogger type thing? Should I be changing my passwords etc. on another system, in particular my WoW password, as I don't want to lose my account to a nasty keylogger?

I'm running Windows XP, Firefox with NoScript add-on, Spybot Search & Destroy and AVG.

Please help, I'm quite worried. Thanks in advance.

Edit: I should probably mention I wasn't running a scan at the time and AVG brought it up on its own.

A:Trojan Horse Psw.generic6.abbk

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

http://www.bleepingcomputer.com/forums/t/168651/trojan-horse-pswgeneric6abbk/
Relevancy 86%

Hello,
Yesterday AVG (free version 8.0.175) picked up this trojan Horse. I moved it to the Virus Vault and then Emptied the vault. Today I booted up and the same thing happened.

How do I actually get rid of this thing? Should I tell AVG to "heal" it instead of moving it to the vault?

Thank you for any help you can give me
 

https://forums.techguy.org/threads/trojan-horse-psw-generic6-aqpa-help.772285/
Relevancy 86%

trojan horse PSW.Generic6.AQPD

This popped up from AVG this morning. I was scanning with Defender for spyware at the time and they found nothing. Meanwhile, AVG detected this and I wasn't surfing at the time.

In the past I have had warnings regarding certain viruses but they turned out to be a type of spyware or something and not a virus. I read a previous posting here on another trojan horse PSW generic 6 with a different suffix, and the community seemed to agree that this was not a virus. I am hoping my problem will be the same.

This was in my windows/system 32/macromed/flash/flashutil10a.exe file.

I hope someone can help me. I'm new and this is my first post.

A:trojan horse PSW.Generic6.AQPD

Update AVG antivirus and scan again.

It's been reported that the false detection of this 'trojan' has been fixed.

http://www.bleepingcomputer.com/forums/t/179920/trojan-horse-pswgeneric6aqpd/
Relevancy 86%

Removing Trojan Generic6.CCK from your system. Go into My Computer and click on Tools > Folder Options > View and do the following:
Click on Show Hidden Files and Folders.
Uncheck Hide extensions for known file types.
Uncheck Hide protected operating system files (Recommended).
Apply your settings and choose OK. Remember to set your original settings back by applying default settings under the same window.

I ran AVG and also NOD. I used the trial version of AVG software. I ran NOD at the same time. I noticed that every time I ran NOD it locked the system up as soon as it was checking C:\System Volume Information. I rebooted into Safe Mode and ran it again. This time it ran all night. In the morning I checked the Event Log for AVG. AVG detected the Trojan - Generic6.CCK, which had situated itself in the System Volume Information of Volume C (my hard drive). It also had replicated itself into my Documents and Settings folder and changed the extensions of its name.

By this time I was especially frustrated but dedicated to eradicating the trojan and not too interested in running the Windows XP Pro CD to re-image the drive. I went into regedit, did a search on the trojan and deleted one aspect of it. I also went into My Computer Properties and ran Disk Cleanup. Then I ran System Mechanic. It located the virus and deleted the virus. I hate to say it, but for me System Mechanic seems to be the best tool to use to eradicate this virus. Of course I wouldn't rule out following the above steps either. Follow everything, including running System Mechanic, and you should be able to get rid of the Trojan. If you need to, run your Windows XP Pro CD and do repairs on the OS.

This is a nasty Trojan. What it has done to my laptop: When it first infected my system I was able to surf the net using IE. After a while, though, I wasn't able to access my email using hotmail or yahoo. Whenever I clicked on Mail the page would error out. Over a period of time that also changed. I was no longer able to access anything on the net, which included surfing the net using both IE and Firefox Mozilla. The only thing I could do was view the home page of Yahoo, so it appeared I was working offline even though I wasn't. Also this trojan infects your cookies. It also infects auto msn search in your cookies. You will notice that you will not be able to access any page with the exception of Yahoo. You can go into your cmd and ping yahoo.com and google with successful results; however, when you attempt to ping msn.com, cmd will time out. I hope all of you reading this find it helpful. Certified fix

https://forums.techguy.org/threads/trojan-horse-generic6-cck-removal.648750/
Relevancy 86%

My antivirus AVG detected trojan horse PSW.Generic6.AQPD this morning. Here is my HijackThis log:

A:Trojan Horse PSW.Generic6.AQPD

I did some more research on the net, and read that only AVG users are getting these Trojan Horse PSW.Generic6.AQPD warnings. Apparently it is a "false positive" situation. I downloaded the latest AVG updates and no longer get the warnings.

It is safe to assume I do not have a trojan? Please advise.

http://www.bleepingcomputer.com/forums/t/179904/trojan-horse-pswgeneric6aqpd/
Relevancy 86%

I use AVG. Today upon entering ebay I immediately had resident shield flag this Trojan Horse times.

UPDATE: WE SEEM TO HAVE PICKED IT UP FROM ADOBE FLASH PLAYER. IT TRIES TO LOAD EACH TIME IT TRIES TO RUN. PLEASE HELP.

I have no idea how to get rid of it as it is in the svchost.exe in windows. Can anyone help me get rid of it? AVG called it this: Trojan Horse PSW.Generic6.AQPD (yes, it has a "Q"). Thank you for any help. Here is the Hijack This log:

A:Trojan Horse PSW.Generic6.AQPD HELP!

It's a false positive. No need to worry.

You can either add the file to AVG's exclusion list or wait until a new update corrects the problem.
 

https://forums.techguy.org/threads/trojan-horse-psw-generic6-aqpd-help.769220/
Relevancy 86%

Yep, I DID by "accident" press "run" to some strange program I really wasn't sure of. So now I've run into some problems with Trojan Horses. First I ran the newest free Adaware and found a Trojan Horse and deleted it. Then I tried with AVG and found a new one, named in the title. This has of course been removed to the virus vault and should be out of harm. After another check with AVG I found nothing, so I suppose I should be clean. However, I still can't get myself to log on to my online bank account. What if, you know...

I've followed all the instructions on your site regarding the Hijack This-program and the needed Log-file. My operating system is Windows XP. I haven't had any sort of "alarm"-pop-ups, probably since I first installed these two programs just now to check.

A:Trojan horse PSW.Generic6.BEPR

Hello Redsted,

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

So when you return please post
MBAM log
the two OTL logs - OTL.txt and Extras.txt

Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.
 

https://forums.techguy.org/threads/trojan-horse-psw-generic6-bepr.865986/
Relevancy 86%

Greetings! I want to thank you prematurely for taking the time to fix my problem. I seem to have acquired a Trojan. I'm fairly seasoned in taking care of virii and such, so it was a surprise to me to find that I could not eliminate this one. It's causing pop-ups to appear as both IE windows and Firefox tabs. Nothing detects it when I scan; the only reason I know anything about it is that AVG Anti-virus keeps popping up saying "Threat Detected". Clicking "Heal" or "Move to Vault" does nothing. Furthermore, when I attempt to search for the file -- C Windows Gwang exe -- that AVG points to as causing the Trojan Downloader Generic YUU to run, it does not exist. Even with hidden files turned on, etc. I know the drill. I've wiped out Vundo and Smitfraud and tackled more Trojans than can fit in a wooden horse. But I'm absolutely stumped.

I ran four programs in Safe Mode last night and today. I started with AVG Antivirus, segueing into Spybot, segueing into AVG Antispyware (the Ewido thing), segueing into Ad-Aware, finally coming back completely clean. Rebooted. AVG still detected the Trojan and the pop-ups kept coming. I found out System Restore was still on, so I turned it off. It's been off ever since. I checked for more answers online and came across SUPERAntispyware. It detected a bunch of garbage I didn't even know I had. Still had the pop-ups. I'm running Housecall as I type this. But please, PLEASE, PLEASE help me get rid of these. I'm at my wit's end. Thank you.

This is what my HijackThis logs look like:

A:Trojan Horse Downloaded.generic6.yuu

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

http://www.bleepingcomputer.com/forums/t/123140/trojan-horse-downloadedgeneric6yuu/
Relevancy 86%

I recently got a trojan horse Generic6.AAOG. AVG free edition detected it on different scans. But now it detects nothing. I am using avg free edition and ad aware. This is on a computer running win xp pro sp using ie. I had no problems running any software until this popped up. Now I frequently get bumped out of any game I try to play, such as Call of Duty, Quake, Sims. And now it just started giving me problems in internet explorer, giving me the generic message that ie has encountered a problem and needs to shut itself down. Please help. I'm contemplating format C. I just built this computer months ago, so there is not a lot on it yet, but I'd rather not go there unless I have to. Here is my HiJackThis log:

https://forums.techguy.org/threads/trojan-horse-generic6-aaog.687080/
Relevancy 84.71%

I made a vital mistake of opening an email that directed me to a message board on a classmates site for information on our next class reunion. It wanted to click on a PDF file to view the information on video about the reunion. This installed the Trojan horse to my system and was picked up by AVG. AVG says it healed it; however, I kept receiving a message that a threat was detected. I tried putting it in the virus vault and nothing changed. So I started googling how to get rid of it. I found a forum that someone had posted this very problem in. The replier told her to use Combofix, so I downloaded combofix and ran it. I have a log file and am wondering what to do next.

I originally posted this in another forum on this site and the person who replied told me ComboFix was to be used only under supervision of an expert. I understand that now but didn't realize that when I ran it.

I use a desktop replacement with OS Windows XP. Basically what's happening is the Trojan is slowing my computer down, especially when I have AVG enabled. I have it disabled now so I could run ComboFix. It doesn't really appear to be causing any other problems at the moment, but as soon as I realized I had a Trojan on my computer I basically stopped using it. I can use internet explorer fine, but programs such as iTunes and Word are having trouble starting up. It's more of an annoyance than anything else at this point, but I'd rather not wait until it turns into a big problem. Thanks for your help in advance.

A:Help Removing Trojan Horse Backdoor.Generic6.EEU

Hello Chrissytina.
Let's see what we can find.
Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.
Please download Malwarebytes Anti-Malware setup and save it to your desktop.
alternate download link 1
alternate download link 2
Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using File Assassin). If you have trouble updating, try the other mirror download site.
Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double-click the file to install the updates.
If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.
With Regards,
The Panda

http://www.bleepingcomputer.com/forums/t/192838/help-removing-trojan-horse-backdoorgeneric6eeu/
Relevancy 84.71%

I made a vital mistake of opening an email that directed me to a message board on a classmates site for information on our next class reunion. It wanted to click on a PDF file to view the information on video about the reunion. This installed the Trojan horse to my system and was picked up by AVG. AVG says it healed it; however, my system still shows it in memory and keeps shutting down with a microsoft protection error code or 1073241819 or 1073741819.
How can I remove this from my system without a complete format?
 

A:Help Removing Trojan Horse Backdoor.Generic6.EEU

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, do the following:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.

================

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

=============

Please include the C:\ComboFix.txt and a HijackThis log in your next reply

Regards

eddie
 

https://forums.techguy.org/threads/help-removing-trojan-horse-backdoor-generic6-eeu.782177/
Relevancy 84.71%

AVG free version is giving me a frequent Resident Shield alert for Trojan horse PSW.Generic6.BEJD. I believe I may have more issues than this. I run AVG daily as well as spybot.
I ran Malwarebytes and it found nothing. If anyone has some guidance for me it would be greatly appreciated.

A:Trojan horse PSW.Generic6.BEJD infection

Hello and welcome, let's run these and look at the logs.

First we need to disable Spybot S&D's "TeaTimer"

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press
Click on
Click on
Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop .. DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Rerun MBAM
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, post new scan log and reboot into normal mode.

Please post back 2 logs and tell how the PC is running, thanks.

http://www.bleepingcomputer.com/forums/t/210120/trojan-horse-pswgeneric6bejd-infection/
Relevancy 84.71%

Today AVG popped with a warning times that it had blocked trojan horse dropper generic bzel. Did a scan with MBAM and it found nothing. Did a full scan with AVG and it found more of the same. I'm not getting any visible effects such as redirects, but I'm concerned all the same. MANY THANKS IN ADVANCE.

Logs:

Relevancy 84.71%

I made a vital mistake of opening an email that directed me to a message board on a classmates site for information on our next class reunion. It wanted to click on a PDF file to view the information on video about the reunion. This installed the Trojan horse to my system and was picked up by AVG. AVG says it healed it; however, I kept receiving a message that a threat was detected. I tried putting it in the virus vault and nothing changed. So, I started googling how to get rid of it. I found a forum that someone had posted this very problem in. The replier told her to use Combofix, so I downloaded combofix and ran it. I have a log file. Now what do I do?

A:Help Removing Trojan Horse Backdoor.Generic6.EEU

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem, in the Am I Infected forum. Describe pop-ups and system tray or problems that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.

The BC Staff

http://www.bleepingcomputer.com/forums/t/192822/help-removing-trojan-horse-backdoorgeneric6eeu/
Relevancy 84.71%

for some reason it won't let me get rid of it. saying the 'action was interrupted by user' this is really stressing me out. please help. my pc was fine last night and on start i have had this pop up from AVG.

much appreciated
apparently i've searched my files and it's Adobe Activex. how harmful is this?
 

Relevancy 84.71%

Please help. My computer is infected with Trojan Horses. There are of them: Trojan Horse Pakes U, Trojan Horse Downloader Generic NEA and Trojan Horse Generic ALS. They keep coming back after removal. They are always in Temporary Internet Files directory and windows system directory. I have AVG, Spybot, Ad-aware, awido antispyware, windows defender installed in my computer. I also downloaded SmitfraudFix, combofix.exe, KillBox.exe, Look Me-Destroyer.exe, VirtumundoBeGone.exe, VundoFix.exe and autoruns.exe after reading your forum. However, I didn't run some of them as I don't know how to use it. Attached my HJT log. Thank you.

A:Solved: Trojan Horse Pakes.U, Trojan Horse Downloader Generic2.NEA, Trojan Horse Generic2.ALS

https://forums.techguy.org/threads/solved-trojan-horse-pakes-u-trojan-horse-downloader-generic2-nea-trojan-horse-generic2-als.498877/
Relevancy 83.85%

Thank you in advance for the help. I scanned our computer with Free AVG and it says there are Trojan horse PSW Generic ASVB and Trojan horse Generic BHES as infections. The Generic appears twice. There are also I would very much appreciate knowing if this is serious and what to do about it.

MaryBC

A:Trojan horse PSW.Generic6.ASVB & Generic10.BHES

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom

http://www.bleepingcomputer.com/forums/t/217579/trojan-horse-pswgeneric6asvb-generic10bhes/
Relevancy 82.99%

A hacker has managed to plant this virus in my system and therefore has all my MSN, Steam, Gmail and other account data. After sorta making friends with him on msn (was chatting with myself or him for awhile), I managed to find out the program he used to generate the virus is Codesoft PW Stealer. (This guy is from Germany too hehe) However, I am unable to generate the "proper" GMER log as all options above Services have been grayed out. Is there any other program I can use? If wanted, below is also the url of the virus: removed malicious url.

--ST.

A:Trojan horse PSW.Generic6.AEYO from Codesoft-built program

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/385179/trojan-horse-pswgeneric6aeyo-from-codesoft-built-program/
Relevancy 82.99%

I have an HP Pavilion DV laptop running Windows Vista Home with AVG Free as my virus protection software. I started having trouble with my computer last week with, I thought, only my DVD/CD drive. The CD/DVD drive was popping open unprovoked. I contacted HP via email for advice because I had just recently installed a new drive (the last one was defective). They said it sounded like I had a virus. Well, I ran AVG and sure enough it found what it calls a Trojan horse PSW Generic AQPD in the file Windows System macromed Flash FlashUtil a exe. AVG moves it to the virus vault. I get online to see what to do and AVG's site says it is enough to delete the file. So I empty the virus vault. Well, the computer is STILL behaving strangely. I realise that symptoms I've been having for a while could all be tied together. The CD/DVD drive is still popping open randomly, iTunes still gives me the warning about registry settings when I open it, AND Outlook randomly tries to get me to enter my login and password details for the POP server for my mail, even though it's saved on automatic send and receive from my wireless broadband connection. Now that I think of it, Internet Explorer was crashing regularly, and when it did it told me Adobe Flash was at fault.

My question is: could the virus still be present on my computer even though AVG doesn't think it is? Or could it have done damage that I need to rectify even though it's no longer present?

By way of my own attempts at fixing, I re-scanned with AVG, finding nothing; from the AVG site I downloaded VCleaner and scanned with that, which closed without giving me a report or anything; and I tried to scan from the internet using Trend Micro Housecall, but it wouldn't recognise that I did indeed have the updated version of Java installed on my system, so wouldn't run properly.

Many thanks for any help anyone can provide.

Carrie

My DDS txt:

A:AVG finds Trojan horse PSW.Generic6.AQPD--removes, but still infected maybe?

NEW SYMPTOM: while attaching a picture to an email message in Outlook, the screen went wonky (as in lots of noise and wavy-ness). I really think something is wrong here but I don't know what. This computer is only a few months old!

Thanks,

Carrie

http://www.techsupportforum.com/forums/f100/avg-finds-trojan-horse-psw-generic6-aqpd-removes-but-still-infected-maybe-314372.html
Relevancy 82.13%

Hello, I have been trying for ever to get rid of these viruses and nobody is willing to help me. Please somebody intelligent with the knowledge to get rid of these viruses tell me how to get rid of these three that my AVG Anti-Virus detected:

A) Generic_c.QZU
B) Generic10.ALHO
C) Generic6.AQPD
I have included a hijack this log in the attachment, along with my general computer information in the other screenshot.
Sincerely,
RedGrant
 

https://forums.techguy.org/threads/three-trojan-horse-viruses-generic_c-qzu-generic10-alho-generic6-aqpd.794735/
Relevancy 81.27%

picked up these bad boys when i was stupid and launched an exe that i wasn't too sure of in the first place. anyway, nothing i have is getting rid of them. the following is my HJT log:

Relevancy 80.84%

Q: Solved: Trojan horse in system32\req.dll

Hi, I have Norton AntiVirus and it has detected a Trojan Horse virus in C:\WINDOWS\system32\req.dll. I have tried to delete the virus but Norton will not delete it. I have also tried to delete the virus by going into Windows XP safe mode while shutting off the system restore. I have tried the Norton stuff but cannot get rid of the Norton warning that I have the Trojan req.dll. Basically I seem to have tried and searched everything. Here is my log from HijackThis. Any help is greatly appreciated. Thank you.


Hello,
I have run Superantispyware, AVG antivirus and AVG antispyware on my PC. AVG has detected Trojan Horse Backdoor Generic6 AMA and Trojan Horse IRC Backdoor Sdbot2 REN and XIN. That is it, however I feel something is still in me (strange outgoing traffic). Could you pls check my HJT log and say if everything is OK or not?

Thanks!
 


Hi all, been awhile. I keep getting two warnings on my puter, one that looks like it's from Microsoft, it's the one that says Critical system warning but when I look for certificate I can't find it. It tells me I am infected. Another comes from Google, it says I have a Trojan Horse Downloader. I didn't try it, did not even know Google sends such things. When I search in Google is when I get that message. It says something is messing with my search and I must admit I was slightly startled by some of the things that did pop up on my search. Any help really appreciated. Bastet
 


Hi,

My AVG Free edition picked up a trojan horse on my laptop -
Trojan Horse Downloader Generic2.CCY

AVG healed it numerous times and it kept on coming back, found this forum and another thread where a guy had the same trojan as I have infected on my pc. I read the thread and did all the steps up to scanning with Ewido...
Now Ewido has detected it and put it in quarantine, I rescanned with AVG and it doesn't get detected anymore but my questions are -
Can I delete the files in quarantine in Ewido? Is it safe or do I just leave them in there seen as it says it is protected.
Do I need to follow more steps with hijackthis and other programs as advised by anyone knowledgeable?

Thanks in advance for any help
 


This message keeps popping up on my screen saying it is a trojan horse downloader and it is here:

C:\system volume information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP687\A0096971.exe
Trojan horse downloader.small.15.A(modified)

I have AVG running and it will not detect it and I went and bought Spyware X-terminator and it didn't take it out either.

So I am stuck as to how to get rid of it.

I would greatly appreciate any help I could get, and just to say I am somewhat familiar with doing some things.
 


Hi All,

Ok, AVG picked up the above on a manually initiated scan. It needed to reboot to complete the healing (all sounds new age). It is still there !!!!!

I booted in safe mode and re-checked still there. Just won't go away.

Anyone had this one and know what works?

Thanks again

Michiba
 

A:Solved: Trojan Horse Downloader.VB.EL

Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit, Select All" then click on "Edit, Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

https://forums.techguy.org/threads/solved-trojan-horse-downloader-vb-el.470696/

I'm trying to fix my mom's computer, she accidentally downloaded a trojan horse downloader. I can remove it with avg free but it comes back with every new scan. Any ideas or links to free downloadable anti-virus programs?
 


Hello. I have 2 trojan horse downloader viruses. They are found by my AVG antivirus. Do you know how to remove them?
I have errors in Windows XP that require me to send an error report to Microsoft and a memory dump, something like that. And advertisement pop-ups.
 


Q: trojan horse downloader zlob.AGAL and trojan horse fake alert.CJ

I think my computer is infected. I ran AVG free scan and it found the two trojans mentioned in the title. I deleted them. My computer is slow and acting strangely, so I installed Hijack This and ran it. Can you take a look and see if it is, and what can I do next? I want to thank you for your time and efforts and tell you I appreciate it ahead of time.


Hi Techsupportforum,

My AVG software revealed that I have had two trojan horses (Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ) on my PC since. Aside from occasionally not being able to properly "shut down", the PC seems to be working fine. Nevertheless, I'd like to get rid of the trojans.

The GMER scan failed with a blue screen of death twice, but seemed to complete successfully on the third try, albeit quickly. The completed scan took only - minutes GB disk w GB free. I have access to a Windows XP install disc and have the Windows XP Recovery Console available to select at boot-up.

Any help/advice you could offer would be greatly appreciated.

Hanoihancock

A:Trojan horse Generic17.CFLH & Trojan horse Downloader Generic9.BXWQ

Hello hanoihancock,

Did AVG happen to give you a file name and location?

http://www.techsupportforum.com/forums/f100/trojan-horse-generic17-cflh-and-trojan-horse-downloader-generic9-bxwq-491626.html

Hi,

Before I go into more detail, I wanted to let you know my issue was originally posted here asking for help with this problem, and they, after many attempts at removal, recommended I come here. Here is the link: Trojan Horse Generic8.yaf c:\windows\system32\compstu.dll

This will not go away no matter WHAT I do. Here's a summary of where I started and where I am now.

I am utilizing AVG antivirus as my main AV. I also am currently running Spyware Terminator as well as occasionally running the AVG rootkit program. The problem is that AVG keeps locating a virus and lists the following:

OBJECT: C:\Windows\System32\compstu.dll
RESULT: Trojan horse Generic8.YAF
STATUS: Infected

I downloaded MBAM and utilized it. This did clean out the "house", however it did not see the compstu.dll, and as a matter of fact I don't even recall having seen it scan the file as I observed the entire process. The file ALWAYS comes back. The AVG error that pops up is "Threat Detected While opening file C:\Windows\system32\compstu.dll Trojan horse Generic8.YAF". The file has also been identified as Trojan Download-Gen N BHO by another of my programs.

Since my original post, SAS, ATF and SDFix have been downloaded and utilized according to the instructions I had received from Chewy and others. Many of the logs would come up clean one time and then dirty the next, with various registry entries and of course the ever present Compstu library that can be found at C:\Windows\System32\Compstu.dll. Also of note is that many times after downloading SAS updates, the file would update again the next time I opened it, requesting it update again and retrieving the same file I downloaded the first time. Don't know if that is relevant, but it sure is irritating. Another oddity is a black DOS box that pops up and disappears faster than I can identify it.

So without further ado, here are logs requested.

A:Trojan Horse Generic8.yaf/ Trojan Downlad-gen/n_bho (c:\windows\system32\compstu.dll)

Hello Spunky3174 and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will pop up asking what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).

The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC.)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/150876/trojan-horse-generic8yaf-trojan-downlad-genn-bho-cwindowssystem32compstudll/

Q: Solved: MSN trojan horse downloader.agent.MLM

Help please, I've got a trojan through a file in MSN. I suppose it's the same case as in this thread: http forums techguy org security -help-msn-virus html
I wasn't able to post a reply so I'm starting a new thread, sorry for that.

I'm running AVG free edition, which immediately picked up the trojan. I pressed "heal" and it said "object was successfully healed" and moved it to the virus vault, but the infected files just keep adding up, up to now. How do I remove them? If you need the info AVG gave me, I've printed the screen so I can upload the image.

I did a HijackThis scan.


Hello there.. I'm new here and I'm not familiar with how to go about clearing this trojan horse..
Let say if I want to clean it up in normal mode..
What are the steps I should take? My AVG anti spyware isn't updated yet..
All I did was this
"Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
 


Q: Solved: Trojan horse Downloader.Generic.NON

I've got this new Trojan that everyone seems to be catching. Any thoughts on how to get rid of it? I've got AVG and it keeps healing it but it just keeps coming back. I normally use Mozilla but there are a few sites that I have to use IE for, or I would wipe it from my computer. Thanks for any help.


Hi,

My computer has picked up a virus by opening a link sent via Windows Live Messenger. The virus is Trojan horse Downloader.Generic4.DEM and AVG says it's file tci0.exe that's infected. AVG has sent it to the AVG virus vault and when deleted from the vault AVG heals it but it still comes back every time I go into live messenger. It also now has 3No. backup copies that are infected (file names hosts/ install.exe).

My operating system is Windows XP.

I hope someone can help.

Thanks
 

A:Solved: Trojan Horse Downloader.generic4.DEM

Hi, Welcome to TSG!!
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

https://forums.techguy.org/threads/solved-trojan-horse-downloader-generic4-dem.562262/
Relevancy 79.98%

Anybody knows any way to remove this virus? My hijack this log is:

Thanks

Relevancy 79.98%

Well, over the past two days I've gone to several sites, gone through several removal suggestions; all of them fail because I can't get hands-on support. My McAfee has been deleting/healing a file in Windows Temp, usually Win--- tmp, whilst my AVG, at the exact same time McAfee removes the Temp file, heals a file in local settings internet temporary files. I've cleaned my cookies, ran ATF-Cleaner, ran Ewido, Ad-aware, Avg and McAfee on Safe-mode, deleted registries suggested by Mcafee, and not one removal method kept the virus from returning. It returns every - minutes. So here's my log; any help would be greatly appreciated.

Relevancy 79.98%

Hi,
Thanks a bunch for this website.
My computer is running slowly, and AVG Free keeps detecting the above mentioned Trojan Horse Downloader.
It's affecting my typing since I can't see what I type until one or two seconds after I stop.
I googled the above name, (found your website), but can't find advice on the web or your site for this specific virus.
Help, please.
Thanks and God Bless
 

Relevancy 79.98%

Hi, I downloaded vundofix and it removed some of the files, but there are still a few it has left on. My daughter has got avg anti virus. I'm not sure on what to do now. The files it's left on are:

c:\winnt\system32\olyegecl.dll
c:\winnt\system32\uvyxx.bak1
c:\winnt\system32\uvyxx.ini
c:\winnt\system32\xxyvu.dll

I don't know if this helps or not, but I'm not sure on what else to do. Can anyone help?
 

Relevancy 79.98%

PC USING WINDOWS ME

Similar to "Mecca 18" 's problem.
AVG detected 2 virus invasions - Trojan horse downloader 16.1 small
AVG Claim these cannot be removed.

Infected Files:----C:\WINDOWS\RESTORE\TEMP\A0002083CPY
A000208 CPY

Could anyone please advise, how I can delete them from my system?
Cheers, Angelfysh
 

Relevancy 79.98%

I am trying to clean a trojan horse from a Windows XP Home edition. After running AVG 6.0 Anti-Virus for Windows it says it found the trojan horse downloader virus and it healed it, but then upon rebooting windows an AVG alert pops up and says it found "Trojan Horse Downloader.Presario.A" in file C:\System Volume Information\_restore{C3A256EC-F74E-4D1B-B627-49321DAD0241}\RP254\A0033206.exe. So I ran AVG again and also Trend's Housecalls; they don't find anything, but the message still pops up on reboot. Everything seems to be working fine on the computer but it would be nice to get the virus off the computer. I would appreciate any help anyone could give me on my situation, thanks.
4dsmom
 

Relevancy 79.98%

Computer is slowing down and not loading applications on other sites. Ancestry.com's enhanced image viewer takes so long to come up it is maddening, or it won't load at all. Just one of many problems I think this TH is causing on my NEW machine. Only had it a couple of months, custom built. Any help would be appreciated. Running Windows XP. AVG found it but couldn't get rid of it. Downloaded NoAdware but hasn't done much of anything except spot cookies and delete them. Wondering if it is a false positive downloaded from Java; I had some of those too. Thanks and HELP! Just went and got HJT after reading some more posts and here are the results:

Relevancy 79.98%

I found this trojan horse and AVG cannot get rid of it. I am running windows 98 SE. I downloaded highjack this and scanned and have a log to attach. I need to know which lines to FIX and how to proceed from there. Please help me!!!!!! thanks
 

Relevancy 79.98%

Hi everyone. I have a problem (again). I was running my AVG last night and got a virus detection. It said it could not be removed by healing and the entire infected object must be removed - it said to move it to the virus vault, but when I try to I get an error message that says:
File c/restore/temp/A0060338.cpy cannot be removed. What now?
 

Relevancy 79.98%

Can someone please check my log? I've been trying to get this mess off my laptop for almost weeks now and I'm totally frustrated with it. I will be extremely grateful for any help you can offer.

Relevancy 79.98%

Hi, My computer has been infected with this Trojan Horse. I am not sure how to fix this problem. Do you think you guys can help me please? Here is a scan I did with Hijack This:

Relevancy 79.98%

Hey Folks -- AVG found this trojan horse and warned me about it but couldn't remove it. I found this forum and have been following its advice. Now I have this log from running the Hijack This test and would appreciate someone's advice on which processes to remove. Thanks------------deedub

Relevancy 79.98%

I ran AVG antivirus last night and received the message that I was infected with trojan horse downloader.agent.5.e. How do I get rid of this virus?
 

Relevancy 79.98%

Hi There, My year old son opened an exe file which was sent to him via MSN Messenger. AVG Anti-Virus tells me that this is a trojan horse called downloader generic DEM which keeps installing a file in the temp folder called install.exe. It doesn't matter if I press "heal" or "move to vault", it continues to come back. I have tried running Spybot and Ad-aware SE, Registry Mechanic but still cannot get rid of it. I have downloaded the full trial version of AVG Anti-Spyware which picked up a number of things that were missed by Spybot and Ad-Aware but still the problem continues. I have also run Evidence Eliminator but still the problem continues. The system keeps bringing up the MSN Messenger sign in box and hijacks my IE browser and redirects my firefox browser and then the computer freezes and I have to restart the computer. The AVG Anti-Spyware is detecting malware and new infections every few minutes. This is one infection that keeps popping up - Trojan Agent AJK which is found in the following folder C documents and settings Eagles net exe. Below is the hijackthis log file. Thanks and I hope you can help. Cheers, Brian

Relevancy 79.98%

I have followed the suggestions in other people's previous threads. Here are my Hijack results. Can someone tell me how to get rid of this thing?

Relevancy 79.55%

Symantec Anti-Virus and Spy Sweeper keep appearing, stating that the Downloader Trojan Horse or Trojan-Downloader.gen has been quarantined. Symantec rates it very low and Spy Sweeper rates it very high as far as risk level. I scanned my computer with Spy Hunter, Spy Sweeper, Symantec Anti-Virus in safe mode and Trojan Remover, all with the latest definitions. No trojans or other problems found. If you go to www.artray.com/quarantine there are three or bmp files there that you can save to your computer that show the quarantined items and names together with the location they keep appearing in, which is c:\winnt\temp. Can someone please help me remove these trojans? I am on a pc running Windows.

Bob
Email is ptaker at gmail dot com

A:Popup Warning of Quarantine for Downloader Trojan Horse or Trojan-Downloader.gen

Additional Information 3/10/2008 with Deckard's System Scanner
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-03-10 15:33:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:25 PM, on 3/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program...

http://www.techsupportforum.com/forums/f284/popup-warning-of-quarantine-for-downloader-trojan-horse-or-trojan-downloader-gen-228875.html
Relevancy 79.12%

Hello. This is my first post here. Hopefully this will resolve my problems. According to AVG Anti-Virus I have these Trojan horses, neither of which is not "healable". There is a virus called "Virus identified exploit" that I noticed in the AVG Virus Vault as well. How can I fix these issues? Might it help to mention that the latter has been in the Vault since October? I only noticed it now when I was running a scan, but I (or the laptop) run scans often. The first Trojan since March and the second trojan since today. Attached is my HJT Log. I did attempt to complete a Panda ActiveScan but an "Update error" prevents it, saying "Sorry updating is incomplete due to an error Please try again". I've tried several times to re-update but my attempts have been futile.

A:Trojan horse BackDoor.Ircbot.DME & Trojan horse Downloader.Zlob

This is the offender:

O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll


Ok. We need to download ComboFix.exe. This will give me a better view of the files that are running and also the ones that are hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

http://www.techsupportforum.com/forums/f284/trojan-horse-backdoor-ircbot-dme-and-trojan-horse-downloader-zlob-247490.html
Relevancy 79.12%

HELLO, this is my first time posting at your site but I have followed your responses to others while researching software and problems on the google search page. Your answers and instructions have been of great use and help to me. Recently my computer started to run slow and I started seeing pop ups and messages saying my computer was infected. I checked my Avg Anti Virus and found seven items in the quarantine folder. The items were listed as Trojan Horse Generic 4.bo and a Trojan Horse Downloader Zlob.mcq. I ran Ad Aware and it found several items, mostly cookies and Zango, which was removed. I then ran another scan and it came up clean. I ran a Panda Active scan and it found more infections. I have included the report with my HiJack log. I had a problem running a panda scan until I noticed a registry cleaner was blocking me from loading an ActiveX program needed by Panda. I was able to uninstall the program. I installed Spybot and it found even more infections such as Hot box freeze com and a registry change. At this point I now know I have a serious problem. Thank you in advance for any help you can provide me and my computer.

A:Infected With Trojan Horse Generic 4.bo And Trojan Horse Downloader Zlob.mcq

Hello deb_girl, I am SifuMike and I will be helping you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.

Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6

Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

******************

We are going to dig deeper, and that will require us to run some additional scans. You will need to use Internet Explorer for this scan.

Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree. Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.
When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.
When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All, then copy/paste that log back here.

Post the BitDefender log.

******************

Download and install AVG Anti-Spyware v7.5.
After download, double click on the file to launch the install process.
Choose a language, click "OK" and then click "Next".
Read the "License Agreement" and click "I Agree".
Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
(Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-cli...

http://www.bleepingcomputer.com/forums/t/102922/infected-with-trojan-horse-generic-4bo-and-trojan-horse-downloader-zlobmcq/
Relevancy 79.12%

Good evening,

When I switched my PC on today, a virus warning message came up from AVG stating that my HijackThis.Exe file has been infected by a virus. After scanning my PC I found a trojan (Trojan Horse Downloader.Agent.RPX) in my Windows XP directory (C:\WINDOWS\system32\hanonvit.ini).

Now I can't run the software HijackThis even after isolating the virus with AVG (in the virus vault) and removing / installing a fresh new HijackThis (a virus warning message appears every time I install HijackThis back to the PC, and trying to click on the link of the installed .exe file will prompt a message stating that the file cannot be found).

Sorry to bother you and thank you for your time in advance.

Ezer
 

Relevancy 79.12%

I have Trojan horse Downloader.Alchemic.A
in c\docs and settings\me\local settingd\temp\aawtmp\c11470784\218428\alchem.exe

This was detected by Adaware (V1.04) which recommended AVG
Avg 6 couldn’t find it
Spybot and Trojan remover doesn’t find it

I updated to AVG 7
AVG 7 resident shield finds it but Heal/Delete file/Move to vault doesn’t work
Adaware now doesn’t find it
System restore is turned off
Please help
 

Relevancy 79.12%

AVG free has detected this trojan and has placed it in the virus vault but cannot remove it. Ewido anti-spyware has come up clean. Am posting HJT log here.